Mend.io configuration
mend io specializes in software composition analysis (sca), static application security testing (sast), and container security, helping developers to securely manage open source risks, license compliance, and ai generated code supports mend io as an integral part of your security sdlc regimen prerequisites the following items are prerequiste to mend io integration with mend io account access policy as platform administrator role users must be assigned the platform administrator role to create and manage connections administrator role users must be assigned the administrator role to create and manage configurations integration procedure the following procedure create a userkey creat a connection tool configuration – secure phase onboard the technical service details are available in subsequent sections create a userkey use the following procedure to create a userkey click on manage & administer → connections management click tool connections from the left side menu you will be redirected to the tool connections page click add connection choose connection type as mend io name local account name for reference enter the mend io host url example https //test mend io enter the created e mail and userkey create a connection use the following procedure to create a connection navigate to → settings & utilities → application configurations click the overflow menu for the chosen application and click on edit tools configuration you will be redirected to the add tools step select secure for phase click add tool configuration the service navigates to the edit tool configuration step select category as license scan select tool engine as mend io complete the configurations, categorized into two tabs ( release and license status ) click add configuration tool configuration use the following procedure to add mend io to navigate to → set tings & utilities → application configurations click the overflow menu for the chosen application click on edit tools configuration the service navigates to the add tools step select the phase as secure click on add tool configuration the service navigates to the edit tool configuration step select category as license scan select tool engine as mend io complete the form, categorized into two tabs ( release and license status ) click add configuration release identification takes the following format prefix signifies the starting sequence of characters for releases, with the default value being empty variable signifies the starting sequence of characters for releases, with the default value being empty the release format is applicable to identify the release names in issues and the release branches the tool configuration inherits the release prefix and variable from the application to override these values only for this configuration, click on the edit button and make the necessary changes changing the values here will not impact the release prefix and variable set in the application example prefix and variable designators prefix variable matched example release yyyy mm dd release 2023 03 10,release 2023 04 12,release 2023 02 17 release release 2023 03 10,release 2023 04 12,release 2023 02 17 rel rel 2023,rel 2022 release release 2023 mar 10,release 2023 apr 12,release 2023 feb 17 release + release 2023 mar 10,release 2023 04 12,release 2023 february 17 release + + release 23 mar 10,release 2023 04 12,release 2023 february 17 release release 2023 03 10 03,release 2023 04 12 10 2023,2022,2021 version version1,version2023,version2 3 supported license status includes the following allowed denied need approval the mend io tool classifies license risks into low, medium, and high categories these risk levels should be mapped to the allowed, need approval and denied in di onboard the technical service use the following procedure to onboard the technical service navigate to → settings & utilities → application configurations click the overflow menu for the chosen application select onboard technical service select the phase as secure select the category as license scan select the tool engine as mend io for connection , select connection name from the drop down for repository , select repository name from the drop down click onboard to onboard the technical service delete the technical service you have the option of deleting the technical sertvice at any time use the following procedure navigate to → settings & utilities → application configurations expand the application to see all the associated phases click the overflow menu for the phase ( secure ) click delete technical service select the category as license scan select tool engine as mend io select the organization and repository click delete