
Setting up the Mend UI for Github.com Integration

This document focuses on executing the rollout decisions made in the following documents:

Mend Platform Rollout Overview
Cloud Repository Rollout

Please read the previous documents prior to continuing.

Preparing the Mend UI for Integration

Organization Structure

The GitHub repository integration requires one Mend Organization for each GitHub Organization linked via Accounts in the Mend Platform.


An organization should have been created for you by a Mend.io Representative. Please reach out to your CSM if you need assistance getting access to your organization.

If you have multiple GitHub Organizations and require additional Mend Organizations, a global account needs to be created in order to link all your Mend organizations together for SSO integration. If you are unsure if this has been set up, you can reach out to Mend Support to have one created via the Mend Support Portal.

After a global organization has been created for you, additional Mend organizations for each GitHub organization need to be created by your Mend admin by clicking on the Gear icon in the top right corner on any Mend Platform screen and selecting “Administration”. On the Administration page, go to “General”, then click “Create Organization”.


Application and Project Structure

The application and project structure of the GitHub repository integration is as follows:

Application - GH_<Name of the GitHub Repository>

Project - GH_<Name of the GitHub Repository>_<Branch (if configured)>

For example, if you have a GitHub repo named MyRepo with a default branch of Main and a release branch of V2.0, the information in the Mend UI will be structured as shown below:

[Image: application structure diagram]

By default, Mend will only upload the results of the scan that occurs on the default branch of the repository. All valid commits and pull requests are scanned by Mend. Unless specified by the configuration, these results are put into a hidden temporary org for display in the integration, as a noise-reduction feature.

It is recommended to set up your rollout strategy first, then add additional branches afterwards. Instructions for setting up additional branches will be included in the Advanced Configurations document.

Access Control

Mend controls user access to information within the UI through Groups and Roles.

Groups are a collection of users. Mend will automatically create two groups when an organization is created: Admin and Users. Users have read-only access to the application and Admins have full access to the application.

For instructions on how to create groups, please follow Manage Groups in the Mend Platform.

Roles are the permission level within the application. These are split into Organization level and Application level roles.

Roles can be applied to Groups granting permissions to every user in that group or to Users directly. Mend recommends managing user permissions through groups and only assigning direct permissions to users as an exception.

For instructions on assigning roles to groups, and to see the permission level of each role, see Manage Roles in the Mend Platform.

When using a SAML integration, users can be added to groups automatically, but Mend will never automatically assign a Role to a group, except for the default Admin and User groups created with the Organization. See here for more details.

Adding Users

Users can be added manually or automatically through the SAML integration.

Once a user signs in, they will be assigned to the Users group automatically and have a read-only view of all applications/projects.

For instructions on how to add users manually see Manage Users in the Mend Platform.

SAML Integration

Single Org

Set up the SAML integration by following the documentation for “Organization SSO”. Ignore Role mapping and set up a valid SAML Attribute Statement for the Key Attribute “Groups”. These will become your Mend Groups when a user signs in.

In addition to being added to the Users group, a new user will also be assigned to a Mend Group created by the SAML Attribute Statement. This group will have no roles.

Multi-Org

Mend SAML Integration does not automatically create groups for global accounts. Within each of your organizations, you will need to create the desired user groups. User assignment to groups can be ignored; that will be handled by the SSO integration through Role Mapping.

Set up the SAML integration by following the documentation for “Account SSO”. To automatically assign users to a specific Mend Group within an Organization, a valid SAML Attribute Statement for the Key Attribute “Role” needs to be set and the Role Mapping must be provided. For details on setting up Role Mapping, see Global Account - Map SAML Property to Mend Group.
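
A pre-rollout check for the two SSO setups above, as an added example (not Mend's code): it reads a SAML assertion captured from a test login and reports whether the Key Attribute this page names (“Groups” for Organization SSO, “Role” for Account SSO) is actually being sent. The sample assertion, its group names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Key Attributes named on this page, per SSO type.
EXPECTED_KEY = {"single": "Groups", "multi": "Role"}

# Constructed sample assertion fragment (group names and e-mail are made up).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>appsec-team</saml:AttributeValue>
      <saml:AttributeValue>payments-devs</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>dev@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Map each SAML attribute name to its list of non-empty values."""
    # Inspection only: this does not verify the assertion's signature.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs

def check_sso_attributes(assertion_xml, mode):
    """Report whether the Key Attribute for 'single' or 'multi' org SSO is sent."""
    key = EXPECTED_KEY[mode]
    attrs = read_attributes(assertion_xml)
    return {
        "key": key,
        "values": attrs.get(key, []),
        "present": bool(attrs.get(key)),
        # Names the IdP did send, to spot a misnamed attribute quickly.
        "seen": sorted(n for n in attrs if n),
    }

if __name__ == "__main__":
    for mode in ("single", "multi"):
        print(mode, check_sso_attributes(SAMPLE_ASSERTION, mode))
```

Run it against an assertion from your own IdP's test login before enabling SSO; an empty `values` list with the attribute visible under a different name in `seen` points to a misconfigured Attribute Statement.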

Additional Guides

For a more detailed guide on how the SAML Access Control is set up, please see SAML Access Control Setup Guide.

Next Steps

Configure your integration and turn on scanning features by following: Configure and Enable Mend for Github.com
