Skip to main content
Skip table of contents

Source File Matching with specific Package Managers - Unified Agent

The Mend CLI supports scanning for package managers and source file detection with the mend dep -e command. If the Mend CLI and the Unified Agent lack dependency resolution for a specific package manager, it is still possible to discover libraries by using source file matching detection methods. This article shows examples for a few popular package managers, but the principle can be applied to any package manager as long as the source file types are supported as shown in Supported File Formats.

Please keep in mind that source file matching is a best effort detection and library to source file assignment may need to be updated in the user interface.

General Recommendations

  • Set the package manager cache to the local directory

  • Build the application or install the dependencies using the package manager command

  • Download the Mend CLI and authenticate using the proper credentials

  • Scan the application with the Mend CLI using extended mode

Mend CLI Download and Scan

BASH 
curl https://downloads.mend.io/cli/linux_amd64/mend -o /usr/local/bin/mend && chmod +x /usr/local/bin/mend

export MEND_URL=https://saas.mend.io
export MEND_EMAIL=your-user-email
export MEND_USER_KEY=your-user-key

mend dep -u -e

Conan for C++

BASH 
cd /my/directory/to/scan
export CONAN_USER_HOME=$PWD
conan install .

Flutter/Pub for DART

  • Update the pub local cache before building to the present working directory that will be scanned

  • Install the dependencies using flutter get or pub get depending on which package manager is installed at the command line

BASH 
cd /my/directory/to/scan
export PUB_CACHE=$PWD
flutter get || pub get

LuaRocks for LUA

  • Build your project using a tree that is contained within the directory to build and scan

    • Using luarocks build by itself will not work as the source files for the packages are pulled into a shared user folder instead of the ./rocks folder as shown below.

BASH 
cd /my/directory/to/scan
luarocks build --tree ./rocks
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close