Services

Explore Kyndryl Bridge Services

Mend.io Configuration
Published On Apr 28, 2026 - 1:50 PM

Mend.io Configuration

Learn how to configure DevOps Intelligence for the integration of Mend.io to broaden the observability of your hybrid IT estate.
Mend.io specializes in Software Composition Analysis (SCA), Static Application Security Testing (SAST), and container security, helping developers to securely manage open-source risks, license compliance, and AI-generated code. DevOps Intelligence supports Mend.io as an integral part of your security SDLC regimen.

Prerequisites

The following items are prerequiste to Mend.io integration with DevOps Intelligence:
  • Mend.io account
  • Access Policy as Platform Administrator role: Users must be assigned the Platform Administrator role to create and manage connections.
  • DevOps Inteligence Administrator role: Users must be assigned the DevOps Intelligence Administrator role to create and manage configurations.

Integration procedure

The following procedure:
  1. Create a UserKey.
  2. Creat a Connection.
  3. Tool Configuration – Secure Phase
  4. Onboard the technical service
Details are available in subsequent sections:

Create a UserKey

Use the following procedure to create a UserKey:
  1. Click on Manage & Administer → Connections Management.
  2. Click
    Tool Connections
     from the left-side menu. You will be redirected to the
    Tool Connections
     page.
  3. Click
    Add Connection
    .
  4. Choose Connection type as
    Mend.io
    .
  5. Name Local account name for reference.
  6. Enter the Mend.io Host URL. Example:
    https://test.mend.io
  7. Enter the created e-mail and Userkey.

Create a connection

Use the following procedure to create a connection:
  1. Navigate to DevOps Intelligence →
    Settings & Utilities
    Application Configurations
    .
  2. Click the overflow menu for the chosen application and click on
    Edit Tools Configuration
    . You will be redirected to the
    Add Tools
     step.
  3. Select Secure for
    Phase
    .
  4. Click
    Add Tool Configuration
    . The service navigates to the
    Edit Tool Configuration
     step.
  5. Select category as
    License Scan
    . Select Tool Engine as
    Mend.io
    .
  6. Complete the configurations, categorized into two tabs (
    Release
     and
    License status
    ).
  7. Click
    Add Configuration
    .

Tool configuration

Use the following procedure to add Mend.io to DevOps Intelligence.
  1. Navigate to DevOps Intelligence → Settings & Utilities → Application Configurations.
  2. Click the overflow menu for the chosen application
  3. Click on Edit Tools Configuration. The service navigates to the
    Add Tools
     step.
  4. Select the phase as Secure.
  5. Click on
    Add Tool Configuration
    . The service navigates to the
    Edit Tool Configuration
     step.
  6. Select category as
    License Scan
    .
  7. Select Tool engine as
    Mend.io
    .
  8. Complete the form, categorized into two tabs (
    Release
     and
    License status
    ).
  9. Click
    Add Configuration
    .
Release Identification takes the following format:
  • Prefix signifies the starting sequence of characters for releases, with the default value being empty.
  • Variable signifies the starting sequence of characters for releases, with the default value being empty.
  • The release format is applicable to identify the release names in issues and the release branches.
The tool configuration inherits the release prefix and variable from the application. To override these values only for this configuration, click on the
Edit
button and make the necessary changes. Changing the values here will not impact the release prefix and variable set in the application.
Example Prefix and Variable designators
Prefix
Variable
Matched Example
release-
YYYY.MM.DD
release-2023.03.10,release-2023.04.12,release-2023.02.17
release-
**** .*** .**
release-2023 .03 .10,release-2023 .04 .12,release-2023 .02 .17
rel-
****
rel-2023,rel-2022
release-
**** .*** .**
release-2023 .Mar .10,release-2023 .Apr .12,release-2023 .Feb .17
release-
**** .*+ .**
release-2023 .Mar .10,release-2023 .04 .12,release-2023 .February .17
release-
*+ .*+ .**
release-23 .Mar .10,release-2023 .04 .12,release-2023 .February .17
release-
**** .** .** .**
release-2023 .03 .10 .03,release-2023 .04 .12 .10
****
2023,2022,2021
version
version1,version2023,version2.3
Supported License Status includes the following:
  • Allowed
  • Denied
  • Need Approval
The Mend.io tool classifies license risks into Low, Medium, and High categories. These risk levels should be mapped to the Allowed, Need Approval and Denied in DI.

Onboard the Technical Service

Use the following procedure to onboard the technical service:
  1. Navigate to DevOps Intelligence →
    Settings & Utilities
    Application Configurations
    .
  2. Click the overflow menu for the chosen application
  3. Select
    Onboard Technical Service
    .
  4. Select the phase as
    Secure
    .
  5. Select the category as
    License Scan
    .
  6. Select the tool engine as
    Mend.io
    .
  7. For
    Connection
    , select connection name from the drop down.
  8. For
    Repository
    , select repository name from the drop down.
  9. Click
    Onboard
     to onboard the technical service.

Delete the Technical Service

You have the option of deleting the technical sertvice at any time. Use the following procedure:
  1. Navigate to DevOps Intelligence →
    Settings & Utilities
    Application Configurations
    .
  2. Expand the application to see all the associated phases.
  3. Click the overflow menu for the phase (
    Secure
    ).
  4. Click
    Delete Technical Service
    .
  5. Select the category as
    License Scan
    .
  6. Select tool engine as Mend.io.
  7. Select the Organization and Repository.
  8. Click
    Delete
    .
Do you have two minutes for a quick survey?
Take Survey