Skip to main content
Skip table of contents

Mend DAST

Overview

The Mend.io and Invicti integration allows you to retrieve Invicti DAST scan results and view them directly in the Mend AppSec Platform alongside all other findings for SAST, SCA, and Container findings.
To achieve this, you need to integrate Mend.io and Invicti Enterprise by mapping Mend projects to Invicti targets. Once configured, Invicti's DAST scan results will be synchronized and accessible within the Mend AppSec Platform, providing a comprehensive view of application security risks. 

This guideline focuses on integrating Invicti’s DAST results into the Mend AppSec Platform. For more information about integrating Mend results into Invicti, please visit our documentation here.

Getting it done

Prerequisites

  • A Mend account on the AppSec Platform with admin access to your organization's Mend projects and findings.

  • An active Invicti Enterprise account.

Setting up the Integration

  1. Log into your organization via the Mend Platform.

  2. Navigate to the setting “cog” icon → Integrations:

    image-20250114-225637.png

  3. In the Integrations screen, scroll down to “Scan Engines” and click on Invicti.

    image-20250114-225650.png

  4. You’ll be navigated to the integration set-up screen, where you have to authorize with your Invicti credentials.

  5. Specify your Invicti credentials and choose the Invicti environment you are using.

Note: Invicti DI (Dedicated Instance) environments aren’t currently not supported. Please contact your CSM for more information.

image-20250213-164750.png

To generate your User ID and Token, log into your Invicti account. Click on your name in the top left corner, then select “API Settings”. From there, you will have the option to generate the User ID and Token.

image-20250114-165907.png

  1. Once authorization is completed, the integration will then fetch the targets from Invicti.
    By default, Mend will create a new Application called “Invicti Integration” and map the source targets from Invicti to a newly created project in the Mend AppSec Platform, using the target name.

image-20250114-170124.png

  1. Once the Mapping configuration is done, click Next.

  2. Now, the integration will be finishing the setup with Invciti.

    image-20250114-211921.png

  3. Once completed, click Done. Now, you can find the integration available under the “My Integrations” screen.

    image-20250114-225757.png

Edit an Existing Integration

You can modify an existing integration by navigating to the “My Integrations” screen and clicking on the “dast” engine integration you have created.

A pop-up window will show up with the following options:
(1) Add a new mapping
(2) Delete an existing mapping

image-20250114-172820.png

To add a new mapping, you have to define the connection between Invicti “Source” and the target Mend Application. Then, select the target Project automatically or from the available list.

image-20250114-172923.png

If you select to delete an existing mapping, a message will confirm that the configuration was deleted successfully.

image-20250114-173206.png

View your DAST findings in the Mend AppSec Platform

View your Dynamic Findings in the Mend AppSec Platform
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close