Legacy Mend UI - Using Policies to Prevent Vulnerabilities, Weaknesses, or License Types

With Mend, you can fail a build using policy violations.

When using the Mend CLI:

• Use the Mend CLI Container Image policy check for build control

• Use the Mend CLI SCA policy check for build control

• Use the Mend CLI SAST policy check for build control

When using the Unified agent:

Using the following configuration file parameters as specified below:

• checkPolicies=true – Every scan the Unified Agent will check if there are policies defined (based on the apiKey). In case of policy violation, the scan will end with ERROR exit code POLICY_VIOLATION (-2).

• forceCheckAllDependencies - When this parameter is set to false, it will fail the build only on the first scan or if there are any dependencies introduced to the Mend projects that violate a defined policy. When this parameter is set to true, it will check all policies for all dependencies introduced to the Mend projects. Meaning, it will fail the build every time (as long as the policy violation was not fixed).

• forceUpdate - When this parameter is set to false, if there is a policy violation, the Unified Agent will not send the scan results to the Mend server. The Exit code will be (-2) and the output- End with Error. When this parameter set to true, the scan will update the organization’s inventory regardless of policy violations. The Exit code- End with SUCCESS and output- No Error message.