Mend AppSec Platform Release Notes
Mend.io may modify this page retroactively from time to time.
To stay informed about hotfixes, modifications, and additions to Mend's products, check this page from time to time in between official releases.
For the release notes of Mend.io’s other products, visit the main release notes page.
For release notes pertaining to the Legacy SCA Core application, please visit this page.
Version 24.10.3 (17-November-2024)
New Features and Updates
An integration with Jira Data Center for issue creation and tracking is now available.
Violation data is now available via an API, empowering you to monitor, analyze and act on security and compliance violations with greater efficiency, ensuring that the most critical issues are addressed promptly.
Version 24.10.1 (20-October-2024)
Resolved Issues
Fixed an issue where, under certain circumstances, report generation would hang indefinitely with no option to cancel the report generation. Moving forward, report generation will time out after 24 hours and will be indicated appropriately in the user interface.
Version 24.9.2 (13-October-2024)
New Features and Updates
Added seamless sign-in with any Identity Provider (IDP) to automatically log into Mend.io. To activate this feature, simply switch on the toggle in the Settings.
Mend Code results can now be integrated into Invicti, our partner for dynamic application security testing (DAST), to get a holistic view of SAST and DAST code findings.
Resolved Issues
Projects and Applications created through the API are now correctly counted in the Dashboard metrics.
Fixed an issue where the Mend Platform did not accept single-level domain names for repository integrations.
(15-September-2024)
Workflow templates are now generally available. The templates are Mend.io’s definition for security and compliance best practices. Selecting a template will pre-fill a new workflow that can be customized as needed. Mend.io recommends using labels in the workflow scope to target specific high-risk applications or projects. allowing users to easily create new workflows that abide by Mend.io’s recommendations and best-practices.
This feature also introduces violation representations across multiple views in the Mend Platform. Users can now view violation counts for each Application and Project, and access a dedicated view to manage violations, with options to suppress findings, create Jira tickets and more.
Version 24.8.2 (09-September-2024)
Resolved Issues
Projects and Applications created through the API are now correctly counted in the Dashboard metrics.
Fixed an issue where the Mend Platform did not accept single-level domain names for repository integrations.
Version 24.7.2 (11-August-2024)
New Features and Updates
The license selection process in Dependencies/Container workflows has been improved. Users can now search for and select multiple licenses without the search term clearing after each selection.
New CLI outputs for Workflow Violations have been added. The CLI now includes two tables: One for detected violations and another for the workflows that triggered them. These tables appear only if violations are found, providing details such as Finding, Origin, Violations, and Workflows.
Documentation links in the Integrations page have been updated and now refer users to more recent and more accurate materials in the Mend.io documentation.
Added the option for users to define customized tags (metadata) in their repositories. This metadata will be extracted and presented in the Mend Platform UI with the relevant information of the specific repository.
(Closed Beta) Added workflow templates, allowing users to easily create new workflows that abide by Mend.io’s recommendations and best-practices.
Various Mend AI improvements and updates.
A “Create Report” button has been added to the ML BOM tab of the SBOM page in the UI, allowing users to create an SBOM report containing only ML BOM libraries.
Resolved Issues
Jira Cloud integration: Fixed an issue where duplicate comments would be added to issues. Moving forward, only relevant updates will be applied.
Version 24.7.1 (28-July-2024)
New Features and Updates
Enhanced the Scope conditions in workflows to support different permutations. You can now use "project in" alongside "project regex" or "application in" with "application regex" simultaneously. This feature is consistent across both the API and UI, enabling more flexible filtering and management of applications and projects.
Removed the Vulnerability Score Type from the conditions dropdown in the Containers Workflows on the Workflow creation page.
Added 'EPSS Score' as a standalone condition in the Containers Trigger Event, aligning it with the Dependencies condition list.
Updated the conditions of Vulnerability Score and CVSS conditions in the Workflow creation page. Containers now target CVSS score version 3.0, while Dependencies target the default CVSS score version based on configuration.
Updated the condition selection feature, allowing for the selection of the same condition up to 5 times, addressing previous limitations.
The Dependencies SBOM and Container Image SBOM reports now include a drop-down menu instead of radio buttons, for selecting the desired SBOM standard.
Version 24.5.1 (19-May-2024)
New Features and Updates
Added conditions and a predefined list of licenses to select from in the Licenses section of the automation workflows.
Added label-based scope conditions to the automation workflows, allowing users to define the scope in which the automation workflows will be triggered. The default is organization-level.
Version 24.3.2 (8-April-2024)
New Features and Updates - Q1, 2024
Data from all of Mend.io’s scan engines [Code (SAST) | Dependencies (SCA) | Containers (Images)] are now available in a consolidated display in the Applications and Projects pages in the UI. You can now pick and choose which scan engine data to display.
Introducing the Automation Engine, which enables you to enforce workflow policies automatically throughout your development teams' software development life cycle, to enhance operational efficiency and bolster overall application security.
Jira ticket creation is now available as part of the Automation Engine, allowing you to customize the Jira ticket creation workflow independently for each scan engine (Code | Dependencies | Containers).
The SAML integration (Administration → SAML Integration) has been enhanced to provide an improved user experience.
Introducing APIv3, encompassing Code (SAST), Dependencies (SCA) and Containers (Images), as well as the Mend Platform application itself.
Added the following actions to the Automation Engine workflows: Email Notification, Assign Label, Create Violation, Jira Issue. Users can choose one or more actions per workflow.
Added Vulnerabilities, Remediation and Suppressions Trendline on the Dashboard.
Core SCA vs. Mend Platform - Added side-by-side bidirectional user navigation support.