Zero-Day Management in the Mend AppSec Platform
Overview
A Zero‑Day event is a newly disclosed, high‑risk vulnerability that is identified and actively tracked in the Mend AppSec Platform.
During an active Zero‑Day:
Mend.io immediately surfaces the risk in the UI.
You can investigate impact across your applications and projects.
You can enforce policies using workflows and violations (coming soon).
This page explains how the Mend AppSec Platform helps you respond to Zero‑Day vulnerabilities, and what you can actively do in the product when such an event occurs.
Zero‑Day Data
The Mend AppSec Platform provides a dedicated Zero‑Day Data page, available via your Profile menu. It’s designed as a live, authoritative source of Zero‑Day information. It is independent of your inventory: You can see Mend.io’s Zero‑Day data even before or beyond your specific scans.

The Zero-Day Data Table
The most recent active Zero‑Day will be selected by default. You can use the drop-down menu at the top to switch between Active Zero‑Days and Historical ones (which remain visible indefinitely).

The table is a live view of Zero‑Day entries. Available columns include:
Library: The library name
SHA‑1: The SHA-1 value of the library
Finding: The vulnerability ID
Data Added: The date the library was added to this zero-day event after being identified by Mend.io.
Zero-Day Name
Export Zero-Day Data
You can sort and filter the table, and export the data in CSV or JSON format (using the Export button at the top-right) to support internal reporting or audits.
This replaces static spreadsheets with a live, UI‑based and API‑backed view.
View Full Exposure
For Zero‑Day response, Mend.io correlates Zero‑Day information with your existing inventory.
Source of truth: Your existing inventory from previous scans.
Matching logic: A vulnerability is associated with your assets if:
MSC ID matches, or
Library name matches.
Click the red View Full Exposure button at the lower-right of the Zero-Day Data table to navigate to the zero-day findings report that is relevant to your organization’s inventory.
Note:
No new scan is automatically triggered by the Zero‑Day event itself.
Mend.io uses what you have already scanned to determine impact.
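An added example, not Mend.io code: a local cross-check of an exported Zero‑Day CSV against an inventory list you maintain yourself, useful for assets that have not been scanned yet. The header names are assumed to mirror the table columns above, all sample values are constructed, and the SHA‑1 comparison is an extra check in this example, not the platform's matching logic.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names are assumed to mirror the table
# columns listed on this page; every value below is made up.
SAMPLE_EXPORT = """Library,SHA-1,Finding,Data Added,Zero-Day Name
example-lib,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa,EXAMPLE-ID-1,2025-01-01,Example Event
other-lib,BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB,EXAMPLE-ID-2,2025-01-02,Example Event
"""

# Constructed local inventory (hypothetical project and library names).
SAMPLE_INVENTORY = [
    {"project": "billing-api", "library": "example-lib", "sha1": "a" * 40},
    {"project": "web-frontend", "library": "Other-Lib", "sha1": "c" * 40},
    {"project": "reports", "library": "unrelated-lib", "sha1": "d" * 40},
]


def correlate(export_csv, inventory):
    """Return (project, library, finding, match_kind) for each inventory hit."""
    by_sha1, by_name = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        finding = (row.get("Finding") or "").strip()
        sha1 = (row.get("SHA-1") or "").strip().lower()
        name = (row.get("Library") or "").strip().lower()
        if sha1:  # skip blank cells so empty values never match each other
            by_sha1[sha1].add(finding)
        if name:
            by_name[name].add(finding)
    hits = []
    for item in inventory:
        exact = by_sha1.get(item["sha1"].lower(), set())
        named = by_name.get(item["library"].lower(), set())
        for finding in sorted(exact | named):
            # An identical hash identifies the same file; a name-only match
            # may be a different version and needs manual review.
            kind = "sha1" if finding in exact else "name-only"
            hits.append((item["project"], item["library"], finding, kind))
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_EXPORT, SAMPLE_INVENTORY):
        print(*hit, sep="\t")
```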
Zero‑Day Lifecycle and TTL
Each Zero‑Day progresses through two main phases in Mend:
Active phase (Days 0–30 after publication)

During the active phase:
Awareness and violation banners are displayed where relevant.
The Zero‑Day Data page shows status = Active.
Inventory correlation is active (based on existing scans).
Expired phase (after Day 30)

After 30 days:
All Zero‑Day banners are removed from the UI.
The Zero‑Day is no longer considered active.
The Zero‑Day Data page shows status = Expired.