Understanding Update Requests
This article explains what update requests are, how to obtain them, and how Mend Support Engineers use them when troubleshooting issues.
What are update requests?
When you complete a Mend scan, the scan generates a file that contains information on all of the files, packages, and libraries found in your project. This file is called the ‘update request’. It includes all of the dependencies found by obtaining the dependency tree from any package manager you are using, as well as all of the source files and binaries scanned. Since Mend does not send any of your files or code to our application servers, the update request contains all of the information that is needed to complete our analysis of the dependencies that are currently used by your project. For each dependency, this includes the file or library name, the path where the file was found, and the SHA-1 value of the file or library. Our application uses this information in the matching process, which matches the libraries you use to the open source components in our open source index.
How can you obtain an update request for a scan?
When you complete a successful Unified Agent scan with the parameter ‘offline=false’, the update request is sent to the Mend application servers, where it is retained for 4 weeks. Mend Technical Support Engineers are able to obtain the update request if they have been provided with the support token for the particular scan. The support token can be found at the end of the Unified Agent scan logs.
When you complete a successful Unified Agent scan with the parameter ‘offline=true’, the update request is not sent to the Mend application servers and is instead created in the whitesource folder next to the scanned project. This is the only way to obtain update requests if you have an on-premises instance of the Mend application.
What are update requests useful for?
Update requests are used by the Mend Support Team for troubleshooting in many scenarios. A support engineer may obtain an update request in order to:
- Reproduce your project results in their own environments for testing
- Determine whether a file was scanned by the Unified Agent
- Investigate reports of missing dependencies
As a customer, you may find reviewing an update request helpful if your developers expect a dependency to be picked up by the Mend scan but you don’t see it in the Mend UI. In this case, you can review the update request to determine whether the dependency is included in the file. If the dependency is listed in the file, it is likely that the Mend application deemed the dependency non-open source. If the dependency is not included in the file, this indicates that the Unified Agent did not pick up the dependency and that you may need to make adjustments to your Unified Agent configuration.
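The review described above can be scripted. The following is an added example, not Mend's code: it assumes the update request is a text file in which each dependency's SHA-1 appears as a 40-character hex string, and the function names and the sample record layout are constructed for illustration, not Mend's actual schema.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

def sha1_of(path):
    """SHA-1 of a file's bytes, read in chunks so large binaries are fine."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(update_request_text, artifact_paths):
    """Classify each expected artifact against the update request text.

    listed    - its SHA-1 is in the file: the agent scanned it, so if it is
                missing from the UI it was likely deemed non-open source.
    name-only - the file name appears, but not with this content hash.
    absent    - the agent did not pick it up: review the agent configuration.
    """
    text = update_request_text.lower()
    # Assumption: every 40-hex-digit token in the file is a recorded SHA-1.
    recorded = set(re.findall(r"\b[0-9a-f]{40}\b", text))
    result = {}
    for p in map(Path, artifact_paths):
        if sha1_of(p) in recorded:
            result[p.name] = "listed"
        elif p.name.lower() in text:
            result[p.name] = "name-only"
        else:
            result[p.name] = "absent"
    return result

def demo():
    """Run triage on constructed files and a constructed update request."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, data in [("lib-a.jar", b"A"), ("lib-b.jar", b"B"), ("lib-c.jar", b"C")]:
            p = Path(d) / name
            p.write_bytes(data)
            paths.append(p)
        request = json.dumps([  # constructed records: name, path, sha1
            {"name": "lib-a.jar", "path": "/src/app/lib-a.jar", "sha1": sha1_of(paths[0])},
            {"name": "lib-b.jar", "path": "/src/app/lib-b.jar", "sha1": "0" * 40},
        ])
        return triage(request, paths)

if __name__ == "__main__":
    print(demo())
```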
Some customers generate update requests locally by setting ‘offline=true’ so they can upload the update request to the Mend application server from a different server than the one they use to complete their scans. This is useful for customers who have strict requirements for which servers may have internet access. More information about scanning in offline mode is available here.