Wrapping up Developer Platform Rollout
This document assumes you have read the following documents and their child pages:
Mend Platform Rollout Overview
Cloud Repository Rollout
Mend Developer Platform for Azure DevOps
Mend Developer Platform for Bitbucket Cloud
Please read those documents prior to continuing.
Rolling out Mend to Pilot Repositories
Once all the desired settings have been configured and tested, begin rolling out Mend to your pilot teams by enabling those settings on their specific repositories. It is recommended to select up to 10 pilot repositories that give a good representation of your tech stack, so that any integration issues surface before a wider rollout.
Retrieving Scan Logs
When a scan fails or produces unexpected results, the scan logs are the first place to look. The scan log for every scan performed by the Developer Platform is available in the Developer Platform UI: click the desired repository, then, under “recent jobs”, click a recently completed job. This opens the scan log for that job.
Next Steps
Congratulations on completing your Mend Developer Platform Rollout! From here, the recommended next steps are to collect feedback from your pilot teams and tweak the integration based on that feedback. Once ready, enable the settings globally to roll out to all repositories if you are using a phased approach, or turn on result-consumption features if you are using a silent approach.
For configuration options that are more specific to individual preference and use cases see Mend Developer Platform Advanced Configurations.
If you are using Private Registries, the integration must be configured to give the scanner access to those registries. See Configure Mend Developer Platform for SCA - Credentials for the initial setup.
The document Analyze your Results in the Mend Platform explains how to view and triage your results from within the Mend Platform, while Prioritizing Findings gives a high-level overview of where to start addressing your findings.
Creating automation workflows allows you to enforce company policies around vulnerabilities or licenses, create Jira issues, or send emails to the right teams when a new critical vulnerability is discovered.
For SAST scans, you can customize the Code Scan configurations to set up path exclusions or adjust CWE severities to match your policies.
If you wish to scan container images, Mend offers two options for scanning your images, detailed in Container Image Scans - Registry vs. Pipeline.