Can Mend help confirm whether a vulnerable library is being used in a way that is exploitable? For example, a library may contain vulnerabilities, but the application may be secure if the related features are not used.
Yes.
Mend offers Prioritize, a feature powered by the Effective Usage Analysis (EUA) technology, which reveals whether reported vulnerabilities are effectively referenced (directly or indirectly) from proprietary code, and provides the file name and line number where the proprietary call originates. Equipped with this information, developers can consider multiple remediation approaches, including commenting out code, bypassing the code that calls the vulnerable code, and more.
For more information, please refer to: The Effective Usage Analysis Report
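To make the idea of a vulnerability being referenced directly or indirectly from proprietary code concrete, here is an added toy illustration of call-graph reachability; it is not Mend's implementation or code from Mend. The file names, the `yamlish` library and all function names are constructed for the example.

```python
import ast

# Constructed sample (one proprietary file, one library file); callees resolve by bare name.
SOURCES = {
    "app/report.py": (
        "import yamlish\n"
        "def load_config(text):\n"
        "    return yamlish.safe_parse(text)\n"
        "def import_template(blob):\n"
        "    return yamlish.render(blob)\n"),
    "vendor/yamlish.py": (
        "def safe_parse(text):\n"
        "    return text.split()\n"
        "def render(blob):\n"
        "    return unsafe_load(blob)\n"
        "def unsafe_load(blob):\n"
        "    return blob  # stands in for the vulnerable function\n")}

def build_graph(sources):
    """Map function -> defining file, and function -> [(callee name, line)]."""
    defined_in, edges = {}, {}
    for path, text in sources.items():
        for fn in ast.walk(ast.parse(text)):
            if isinstance(fn, ast.FunctionDef):
                defined_in[fn.name] = path
                edges[fn.name] = [
                    (getattr(n.func, "attr", None) or getattr(n.func, "id", None), n.lineno)
                    for n in ast.walk(fn) if isinstance(n, ast.Call)]
    return defined_in, edges

def call_chain(edges, start, target):
    """Breadth-first search for the shortest call chain from start to target, or None."""
    queue, seen = [[start]], {start}
    while queue:
        chain = queue.pop(0)
        if chain[-1] == target:
            return chain
        for callee, _ in edges.get(chain[-1], []):
            if callee not in seen:
                seen.add(callee)
                queue.append(chain + [callee])

def effective_usage(sources, own, vulnerable):
    """(file, line, chain) for each call leaving `own` code that reaches `vulnerable`."""
    defined_in, edges = build_graph(sources)
    return [(defined_in[caller], line, [caller] + chain)
            for caller, calls in edges.items() if defined_in[caller].startswith(own)
            for callee, line in calls
            if not defined_in.get(callee, own).startswith(own)
            and (chain := call_chain(edges, callee, vulnerable))]
```

In this sample only `import_template` reaches `unsafe_load` (through `render`), so `load_config`, which uses the same library, is not reported.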