- Can Mend Detect Vulnerabilities in OS packages (RPM, DEB, etc.) within Docker Images?
- Can Mend Detect Vulnerabilities in Source Code and Binaries?
- Can Mend Report on Multiple Versions of the Same Package within a Project?
- Can Mend help confirm if a vulnerable library is being used in a way that is exploitable? For example, a library may contain vulnerabilities, but the application may be secure if the related features are not used.
- Can Mend track OSS licenses of third-party libraries? How can your solution support enforcement of OSS licensing policies?
- Does Mend Notify of Newly Published Vulnerabilities Affecting Your Existing Inventory?
- How Does Mend Deal with Unknown Components?
- Does Mend Track the Country of Origin for Open Source Contributions?
- How are SHA-1 values calculated for source files during Best Match?
- How Does Mend Understand Dependency Hierarchy in the Open Source Project?
- What Support can Mend Provide for Tracking In-House Developed Code?
- What information does Mend provide about CVEs?
- Can I Look Up Libraries and/or Vulnerabilities in the Mend Database?
- Mend SCA OSS Licenses FAQ