Setting up the Mend UI for the Developer Platform Integration
This document assumes you have read the following documents:
Mend Platform Rollout Overview
Cloud Repository Rollout
Please read those documents before continuing.
Preparing the Mend UI for Integration
Org Structure
The Bitbucket Cloud repository integration requires one Mend Organization linked to many Bitbucket workspaces.
An organization should have been created for you by a Mend.io Representative. Please reach out to your CSM if you need assistance getting access to your organization.
Application and Project Structure
The application and project structure of the Bitbucket repository integration is as follows:
Application - BB_<Name of the Bitbucket Workspace>
Project - BB_<Name of the Bitbucket Repository>_<BranchName>
For example, if you have a Bitbucket Workspace named “MyWorkspace” and a repository “MyRepo” with a default branch of Main and a branch of V2.0, the information in the Mend UI will be structured as shown below:
By default, Mend will only upload the results of the scan that occurs on the default branch of the repository. All valid commits and pull requests are scanned by Mend. Unless specified by the configuration, these results are put into a hidden temporary org for display in the integration as a noise reduction feature.
It is recommended to set up your rollout strategy first, then add additional branches afterwards. Instructions for setting up additional branches will be included in the Advanced Configurations document.
Access Control
Mend controls user access to information within the UI through Groups and Roles.
Groups are a collection of users. Mend will automatically create two groups when an organization is created: Admin and Users. Users have read-only access to the application and Admins have full access to the application.
For instructions on how to create groups, please follow Manage Groups in the Mend Platform.
Roles are the permission level within the application. These are split into Organization level and Application level roles.
Roles can be applied to Groups granting permissions to every user in that group or to Users directly. Mend recommends managing user permissions through groups and only assigning direct permissions to users as an exception.
For instructions on assigning roles to groups, and to see the permission level of each role, see Manage Roles in the Mend Platform.
When using the SAML integration, users can be added automatically to groups, but Mend will never automatically assign a Role to a group, except for the default Admin and Users groups created with the Organization. See here for more details.
Adding Users
Users can be added manually or automatically through the SAML integration.
Once a user signs in, they will be assigned to the Users group automatically and have a read-only view of all applications/projects.
For instructions on how to add users manually see Manage Users in the Mend Platform.
SAML Integration
Single Org
Set up the SAML integration by following the documentation for “Organization SSO”. Ignore Role mapping and set up a valid SAML Attribute Statement for the Key Attribute “Groups”. These will become your Mend Groups when a user signs in.
In addition to being added to the Users group, a new user will also be assigned to a Mend Group created by the SAML Attribute Statement. This group will have no roles.
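The following pre-rollout check is an added example, not code from Mend or from this guide: it reads an Attribute Statement captured from your IdP's test sign-in and lists the groups a first sign-in would land in, following the behaviour described above. The sample statement and group names are constructed, and it assumes one group per AttributeValue and an exact match on the attribute name “Groups”.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement as an IdP might emit it.
# Group names are invented for illustration.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email">
    <saml:AttributeValue>dev@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>appsec-team</saml:AttributeValue>
    <saml:AttributeValue>payments-devs</saml:AttributeValue>
    <saml:AttributeValue> </saml:AttributeValue>
    <saml:AttributeValue>appsec-team</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def groups_from_statement(xml_text, key="Groups"):
    """Return (groups, problems) for the attribute named `key`."""
    root = ET.fromstring(xml_text)
    attrs = [a for a in root.iter("{%s}Attribute" % SAML_NS["saml"])
             if a.get("Name") == key]  # assumption: exact, case-sensitive match
    if not attrs:
        return [], ["no '%s' attribute in the statement" % key]
    groups, problems = [], []
    for value in attrs[0].findall("saml:AttributeValue", SAML_NS):
        name = (value.text or "").strip()
        if not name:
            problems.append("empty AttributeValue")
        elif name in groups:
            problems.append("duplicate group: " + name)
        else:
            groups.append(name)
    return groups, problems

def expected_membership(xml_text):
    """Groups a first sign-in would land in, per this page's description."""
    groups, problems = groups_from_statement(xml_text)
    # Users is automatic; SAML-derived groups start with no roles.
    membership = {"Users": "read-only"}
    membership.update({g: "no roles until an admin assigns one" for g in groups})
    return membership, problems

if __name__ == "__main__":
    print(expected_membership(SAMPLE_STATEMENT))
```

Run it against the statement your IdP actually sends before inviting users, so that every group it reports can be given a role deliberately.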
Additional Guides
For a more detailed guide on how the SAML Access Control is set up, please see SAML Access Control Setup Guide.
Next Steps
Configure your integration and turn on scanning features by following: Configure and Enable Developer Platform for Bitbucket Cloud.