Mend Unified Agent Results with Dependency Resolution
One of the prerequisites for the Unified Agent is to have the relevant package manager installed. This will allow the Unified Agent to perform Dependency Resolution. Dependency Resolution allows Mend to pinpoint specific versions of the direct and transitive dependencies that are in use by using the package manifest and the package manager to build out the dependency tree.
Scan with Package Manager Installed
When the Unified Agent performs Dependency Resolution, it will use the package manager to find the list of all dependencies (direct or transitive) used by the application via the package manifest. This information is then hashed and sent to the Mend server to be analyzed.
Using Maven as an example, when the Unified Agent is able to detect the proper package manager, it will begin parsing the package manifest. The pom.xml is found and the dependency tree is displayed.
In the scan summary, Maven dependencies show 33 total unique dependencies found with 3 HTML dependencies.
These libraries can also be seen reflected on the Mend UI showing 36 libraries.
Scan without Package Manager Installed
Without the package manager installed, the Unified Agent will fail to perform Dependency Resolution. The Unified Agent will continue and try to resolve all the dependencies it can. This will result in a partial scan.
In this Maven example, notice that the Unified Agent attempts to run “mvn -v” to verify that Maven is present on the machine. The machine throws an error since the package manager is not installed. The agent outputs the error and moves on to the next dependency manifest.
Since the agent was unable to run the package manager, the scan summary will show 0 dependencies for that package manager. Mend was still able to find results for the other packages in the project and those results were sent to the UI.
By default, the Unified Agent will not error out on any major error. This can be configured by setting the failErrorLevel configuration to “ALL”.
These results are also reflected on the UI with the project showing 3 libraries.
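A CI preflight along the following lines catches the missing-package-manager case before the scan runs, so a partial result is never mistaken for a complete inventory. This is an added example, not Mend's own code; the manifest-to-command mapping and the function names are assumptions to adapt to your project.

```shell
#!/bin/sh
# Preflight for a Unified Agent scan: for each package manifest found in the
# project, confirm the matching package manager is on PATH. Without it,
# Dependency Resolution fails for that manifest and the scan is only partial.

# Assumed manifest:command pairs (not taken from Mend documentation).
# Projects that build through a wrapper such as ./gradlew need a different entry.
MANIFEST_TOOLS="pom.xml:mvn build.gradle:gradle package.json:npm requirements.txt:pip"

# Print, one per line, each package manager command that a manifest under
# directory $1 requires but that cannot be found on PATH.
missing_package_managers() {
    scan_dir=$1
    for pair in $MANIFEST_TOOLS; do
        manifest=${pair%%:*}
        tool=${pair##*:}
        # One manifest of this type is enough; skip vendored node_modules trees.
        found=$(find "$scan_dir" -name node_modules -prune -o \
                     -type f -name "$manifest" -print 2>/dev/null | head -n 1)
        [ -n "$found" ] || continue
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Return 0 when every required package manager is present, 1 otherwise.
preflight() {
    missing=$(missing_package_managers "$1")
    if [ -n "$missing" ]; then
        # $missing is deliberately unquoted to print the names on one line.
        echo "Partial scan expected, package manager(s) not installed:" $missing >&2
        return 1
    fi
    return 0
}
```

In a pipeline, call `preflight . || exit 1` in the step before the Unified Agent is launched.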
Additional Information
Unified Agent Scanning Best Practices
Improving Unified Agent Scan Performance
Configuring the Unified Agent for Nuget
Configuring the Unified Agent for Gradle
Configuring the Unified Agent for Maven
Configuring the Unified Agent for NPM
Configuring the Unified Agent for Python