View the results of your Mend CLI SAST scan
Overview
Once your Mend CLI SAST scan is completed, several resources are available to help you review, analyze, and triage your results.
Console results
The Mend CLI SAST scan outputs a summary of the detected security findings ordered by severity and language:
Automation Workflow Violations
If the scope of the Mend CLI SAST scan falls under a workflow you created in the Mend Platform Application, the Mend CLI prints any violations found to the terminal. The information is separated into two tables, as you can see in the following example:
The Violating Findings Table
The table lists the top 50 violating findings created by the scan.
The table will include the following columns:
Finding - The vulnerability finding
Origin - The affected library
Violations - The number of violations created following the finding
Workflows - The names of the Automation Workflows which triggered the violation
The Violating Workflows Table
The table lists all the Automation Workflows that triggered policy violations.
| Field | Description |
|---|---|
| | The name of the workflow condition that violated the policy. |
| | The type of condition that was violated. The possible values are listed in our Workflow configuration parameters documentation. |
Note: The tables will not appear if no violations occurred.
Mend Platform Application
Within the Mend Platform Application, you can review each Mend CLI scan’s summary, details, and more. For more information on how to navigate your scan findings within the Mend Platform Application, visit our documentation: Analyze your results in the Mend Application.
Mend CLI SAST Logs
At the end of the Mend CLI SAST scan, there is a Support token that can be provided to Mend Support and is extremely helpful for troubleshooting purposes.
The Mend CLI stores SAST scan logs in the .mend/logs/sast directory.