
Existing SAST Customer - Changing Pipelines from Legacy Mend SAST UI to Mend Platform

Overview

When scanning custom code with the Mend CLI, a couple of settings are needed for the results to appear on the Mend Platform. This document goes over the required changes to move your Mend SAST scans to the Mend Platform.

Replace the API Key with a User Key

To send scans to the Mend Platform, a User Key will need to be generated from the Mend Platform. This key should be used to authenticate for the Mend CLI instead of the API key that was used for Mend SAST. The steps to generate a User Key in the Mend Platform can be found here.

The user needs to have at least “Scan Manager” permissions in order to scan and send data to the UI.

Mend highly recommends creating a service user when using the Mend CLI to scan. To create a service user, see Managing Service Users.

Replace the --app parameter with --scope

If your pipeline uses --app to specify the application a scan is associated with, this must be changed to --scope. Applications have a different meaning in the Mend Platform than they did in Mend SAST. In Mend SAST, you had a three-tiered hierarchy of Org -> Application -> Scans. In the Mend Platform, Applications sit one tier higher, and the role they previously played is now filled by Projects. The hierarchy is Org -> Application -> Projects -> Scans.

[Image: SAST platform flow]

The format of the --scope value is similar to --app: <org_name>//<application_name>//<project_name>. If the provided application or project does not yet exist on the Mend Platform, it will be created.

If a shorter scope is provided, the values fill the lower tiers of the hierarchy first. --scope test_app//test_project sets the application name and the project name. A single value sets only the project. If no scope is provided, the organization will be the last org the user running the CLI signed into, the application will be set to the repository's organization name as recorded in the .git/config file, and the project will be named after the directory the CLI is run from unless --dir is specified.
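The scope resolution rules above, worked through as an added example (this is illustrative shell, not the Mend CLI's own code). It assumes the last signed-in org, the git remote URL and the scan directory are passed in as arguments, since the real CLI reads those from its login state, .git/config and the working directory or --dir.

```shell
#!/bin/sh
# Added example: mimic how the Mend CLI fills org//application//project
# from a full, partial or empty --scope value, per the rules on this page.
# Assumed inputs (not part of the page): $2 = last org the user signed into,
# $3 = git remote URL from .git/config, $4 = directory the CLI runs from.
resolve_scope() {
  scope=$1
  last_org=$2
  remote_url=$3
  dir=$4

  # Fallbacks used for any tier the scope does not supply.
  org=$last_org
  app=${remote_url%/*}        # drop the trailing "/repo.git"
  app=${app##*[:/]}           # keep the owner/organization segment
  project=$(basename "$dir")  # directory name, or the --dir value

  case $scope in
    "")
      ;;                                  # no scope: all fallbacks apply
    *//*//*)
      org=${scope%%//*}                   # org//app//project: set all three
      rest=${scope#*//}
      app=${rest%%//*}
      project=${rest#*//}
      ;;
    *//*)
      app=${scope%%//*}                   # app//project: lower two tiers
      project=${scope#*//}
      ;;
    *)
      project=$scope                      # single value: project only
      ;;
  esac

  printf '%s//%s//%s\n' "$org" "$app" "$project"
}
```

Run it with the same scope strings you pass to --scope to confirm which tiers a given pipeline value will create or reuse on the Platform.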

Remove MEND_ORGANIZATION Environment Variable

The Mend CLI has an environment variable, MEND_ORGANIZATION, that specifies the organization the results are sent to. The same can be accomplished with the --scope parameter, which allows for more flexible execution. If you use a service user, the organization defaults to the org the service user was created for, removing the need for the MEND_ORGANIZATION environment variable.
