Skip to main content
Skip table of contents

Mend Unified Agent Results with Dependency Resolution

One of the prerequisites for the Unified Agent is to have the relevant package manager installed. This will allow the Unified Agent to perform Dependency Resolution. Dependency Resolution allows Mend to pinpoint specific versions of the direct and transitive dependencies that are in use by using the package manifest and the package manager to build out the dependency tree.

Scan with Package Manager Installed

When the Unified Agent performs Dependency Resolution, it will use the package manager to find the list of all dependencies (direct or transitive) used by the application via the package manifest. This information is then hashed and sent to the Mend server to be analyzed.

Using Maven as an example, When the Unified Agent is able to detect the proper package manager, it will begin parsing the package manifest. The pom.xml is found and the dependency tree is displayed.

maven_installed_parsing.png

In the scan summary, Maven dependencies show 33 total unique dependencies found with 3 HTML dependencies. 

maven_installed_summary.png

These libraries can also be seen reflected on the Mend UI showing 36 libraries.

Scan without Package Manager Installed

Without the package manager installed, the Unified Agent will fail to perform Dependency Resolution. The Unified Agent will continue and try to resolve all the dependencies it can. This will result in a partial scan.

In this Maven example, notice the Unified Agent attempts to run “mvn -v” to verify Maven is present on the machine. The machine throws an error since the package manager is not installed. The agent outputs the error and moves on to the next dependency manifest

maven_not_installed_errors.png

Since the agent was unable to run the package manager, the scan summary will show 0 dependencies for that package manager. Mend was still able to find results for the other packages in the project and those results were sent to the UI.

By default, the Unified Agent will not error out on any major error. This can be configured by setting the failErrorLevel configuration to “ALL”

maven_not_installed_summary.png

These results are also reflected on the UI with the project showing 3 libraries.

Additional Information

Unified Agent Scanning Best Practices

Improving Unified Agent Scan Performance

Configuring the Unified Agent for Nuget

Configuring the Unified Agent for Gradle

Configuring the Unified Agent for Maven

Configuring the Unified Agent for NPM

Configuring the Unified Agent for Python

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.