
Prioritize Results based on Context

Note:

  • This feature uses AI. To enable it, your organization must first sign an addendum to your Mend.io contract. Please contact your CSM to initiate this process.

  • This feature is in closed beta.

Overview

This feature delivers AI-driven project classification that analyzes code context (imports, functions, classes) to identify sensitive domains (PII, payments, healthcare, etc.) and apply labels for filtering and workflows.

With this feature, Security Managers can accurately prioritize security issues by factoring in various project traits, not just vulnerability severity, streamlining prioritization at scale.

Getting it done

  1. Navigate to your profile --> Administration.

  2. Toggle AI-Based Project Classification on.


Note: Once enabled, the feature applies to both CLI and Repository Integration scans.

When enabled, snippets of your source code and project details are shared with Mend.io’s AI model to help extract contextual information and risk factors. As a result, relevant projects are automatically assigned context-based classification labels and risk factors.

Context-Based Labels

The context-based labels can be used to cover two main use-cases:

List of Labels

  • Mend:<PROJECT-CLASSIFICATION>

    • AUTHENTICATION

    • PAYMENT

    • PII

    • etc.

  • Mend:ADMIN

  • Mend:TEST_PROJECT

  • Mend:INTENTIONALLY_VULNERABLE

  • Mend:LOCAL_APP

Context-Based Risk Factors

Contextual risk classification appears in the platform as risk factors, visible in the Project Risk Factors column of your Applications and Projects views.


Hover over a risk factor chip to reveal

Contextual Risk Categories

The context-based risk factors are grouped into the following main and sub-categories:

  • Sensitive Data

    • PII (personally identifiable information, e.g., names, emails, SSN, phone, address)

    • Payment (e.g., credit cards, transactions, billing)

    • Healthcare (e.g., patient records, diagnoses, medical info)

    • Biometric (e.g., fingerprints, face recognition, voice)

    • Location (e.g., GPS, coordinates, addresses)

    • Government (e.g., tax records, citizen data, compliance)

  • Critical Functionality

    • Admin (e.g., system config, user management)

  • Low Impact

    • Intentionally Vulnerable (most prominently in benchmark projects)

    • Local App (e.g., local Python script, desktop app that does not require web access)
