Skip to main content
Skip table of contents

Mend CLI Release Notes

  • Mend.io reserves the right to modify this page retroactively.

  • To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases or use our RSS Feed: image-20250820-105650.png

  • Click here to view known issues.

  • Self-contained CLI versions are released in tandem with Mend CLI.

  • Access all release notes for Mend.io’s products.

Version 26.3.1 (23-March-2026)

New Features and Updates

  • (SCA) Added support for the uv package manager, enabling security scanning and Reachability analysis for Python projects managed with uv.

  • (SCA) Added support for disabling specific package manager resolvers using the MEND_SCA_{PACAKGE_MANAGER}_RESOLVEDEPENDENCIES environment variable, allowing more granular control over dependency resolution.

  • (SAST) Updated some of the CLI’s Code dependencies for improved security.

Version 26.2.2 (09-March-2026)

New Features and Updates

  • The mend auth command now provides a unified login experience — there is no longer a need to select between SAST and SCA during authentication. A single login applies to all scan engines, simplifying CLI setup. Existing environment variable configurations continue to work for backward compatibility.

    • This feature will be rolled out gradually to all environments until March 23rd.

Version 26.2.1 (23-February-2026)

New Features and Updates

  • Improved the CLI’s log file processing and zipping to optimize handling of large log file uploads.

  • (SCA) The CLI will now visually indicate whether a Mend AI scan has started running and, upon completion, whether it succeeded.

(18-February-2026)

Version 26.1.2 (09-February-2026)

New Features and Updates

  • (SCA) Added Reachability support to the CLI in self-contained mode, allowing users to run reachability checks without external dependencies. All required artifacts are now bundled and extracted for all supported operating systems, improving usability for air-gapped and enterprise environments.

  • (SCA) Added a new CLI log parameter that allows users to print logs directly to the console, making it easier to monitor activity and understand process flow in real time.

Resolved Issues

  • (SCA) Fixed an issue where post-scan cleanup and statistics were not executed if the scan process ended with an error, ensuring proper handling and reporting even when scans fail.

  • (SCA) Fixed an issue where scans relying on certain package managers failed, under certain conditions.

  • (SCA) Fixed an issue where scans of .NET projects would fail with error MSB4057 if a <Project> tag existed under <ProjectReference> in the .csproj file. Scans now complete successfully in this scenario.

Version 26.1.1 (26-January-2026)

  • No notable updates.

Version 25.12.1 (05-January-2026)

Resolved Issues

  • Updated Mend CLI code scan dependencies for improved security.

  • (SCA) Fixed an issue where the CLI failed to scan SBT projects containing logLevel settings in build.sbt, resulting in no dependencies being detected and scan failures. SBT projects with customized logging can now be scanned successfully.

Version 25.11.2 (22-December-2025)

New Features and Updates

  • (SCA) Hotfix:

    • The SCA CLI now supports tags with increased key and value lengths up to 255 characters, removes the previous 20-tag limit, and allows a broader range of characters.

    • Added a new CLI parameter, --persist-logs, that allows users to persist all log levels, including INFO, to a specified directory after every SCA scan. This enhancement ensures comprehensive log availability for auditing, compliance, and integration with external log management systems, regardless of scan outcome.

Version 25.11.1.1 (03-December-2025)

Resolved Issues

  • (SCA) Hotfix: Fixed an issue where scan tags were not displayed in the platform UI, under certain conditions.

Version 25.11.1 (01-December-2025)

New Features and Updates

  • (SCA) Conan support in SCA scans, including Reachability analysis, is now generally available.

  • (SCA) The yarn package manager v4.x is now officially supported.

  • (SAST) Organizations are now sorted alphabetically in the CLI’s organization selection step, making it easier and faster to navigate large lists.

Version 25.10.3 (17-November-2025)

New Features and Updates

  • (SCA) Automation Workflows now apply in every CLI dependencies scan, regardless of whether the --update parameter is specified in the scan command or not.

    • This update has been in limited availability since Oct 27th and is now generally available.

Version 25.10.2 (03-November-2025)

New Features and Updates

  • (SCA) (Open Beta) (Limited Availability) Mend CLI now supports the Conan package manager, including Reachability analysis.
    This new ability to scan Conan projects requires no additional configuration. It will be rolled out gradually over the next few weeks.

(27-October-2025)

New Features and Updates

  • (SCA) Introducing a change where Automation Workflows apply in every dependencies scan, regardless of whether the --update parameter is specified in the scan command or not.

Version 25.10.1 (23-October-2025)

New Features and Updates

  • (SCA) The following languages and package managers are now officially supported:

    • Node.js 24.x (language)

    • npm 11.x (package manager)

    • Gradle 9.x (package manager)

Version 25.8.2 (08-September-2025)

Resolved Issues

  • (SCA) Fixed an issue where executing multiple dependency scans simultaneously on the same machine would lead to scan results not being displayed properly in the console and platform UI.

Version 25.8.1 (25-August-2025)

  • No notable updates.

Version 25.7.2 (11-August-2025)

  • No notable updates.

Version 25.7.1 (28-July-2025)

  • No notable updates.

Version 25.6.2 (14-July-2025)

New Features and Updates

  • (SCA) Introducing the MEND_SCA_EXCLUDE_SUBPROJECTS environment variable for excluding specific subprojects/modules from the scan.
    This enhancement improves CI/CD integration and developer autonomy.

Resolved Issues

  • (SCA) Added support for scanning NuGet manifests when the 'solution dir' variable is used in the .csproj file. Customers who use this variable will now be able to scan the manifest file.

Version 25.6.1.1 (10-July-2025)

Resolved Issues

  • (SCA) Hotfix: Fixed an issue where the CLI would incorrectly report an invalid organization token, leading to scan failure.

Version 25.5.2 (18-June-2025)

Resolved Issues

  • (SCA) Fixed an issue which caused scan times to increase, in some edge cases.

Version 25.4.3 (19-May-2025)

New Features and Updates

  • Improved CLI reliability by attempting to use multiple ports when some are unavailable.

  • (SCA) Introducing the MEND_SCA_EXCLUDE_DEP_CLASS environment variable for Gradle.
    Users can specify Gradle configurations to exclude from scans, offering more control over scan results and minimizing irrelevant output. By default, configurations with "test" in their name remain excluded.

Version 25.4.2 (05-May-2025)

New Features and Updates

  • (SAST) SAST scanning now supports timeout values exceeding 30 minutes.

Resolved Issues

  • (SCA) Fixed an issue where Yarn dev dependencies were not being excluded from the scan.

Version 25.4.1 (21-April-2025)

New Features and Updates

  • (SCA) Implemented a fallback resolution for Ruby in case the gemfile.lock file is missing, which resolves a flat dependency list.

Version 25.3.2.1 (08-April-2025)

Resolved Issues

  • (SCA) Hotfix: Resolved an issue where yarn dev dependencies were not being excluded from the scan.

Version 25.3.2 (07-April-2025)

New Features and Updates

  • (SCA) Introducing a change in the caching mechanism, improving Reachability performance.

    • Customers using the CLI in their pipelines can disable this feature using the MEND_SCA_REACHABILITY_CACHE environment variable.

    • The feature is disabled by default in dedicated instances. It can be enabled using the MEND_SCA_REACHABILITY_CACHE environment variable.

Resolved Issues

  • (SAST) Enhanced CLI detection logic to support Docker containers using cgroup V2, ensuring accurate container environment identification.

Version 25.3.1.1 (02-April-2025)

Resolved Issues

  • (SCA) Hotfix:

    • Fixed an issue where projects were created with an incorrect project name format in SCA Legacy Core and Mend AppSec Platform when scanning Git repositories.

    • Fixed an issue where error messages for unknown flags or missing arguments were displayed in red, even when {{--no-color}} or {{--non-interactive}} flags were used.

Version 25.3.1 (24-March-2025)

New Features and Updates

  • (SCA) Poetry version 2 is now supported.

  • (SCA) Improved npm resolution accuracy by supporting package aliasing with npm packages.

Resolved Issues

  • (SCA) Fixed an issue where the CLI did not respect the MEND_SCA_REACHABILITY environment variable.

  • (SCA) Fixed an issue where the CLI did not respect the --dir parameter.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close