Login to CortexBook a DemoCortex Academycortex.ioCortex Status

Mend

Overview

Mend is an automated application security and remediation platform. Integrate Cortex with Mend to drive insights into potential vulnerabilities in your code and your third-party libraries.

Cortex supports integrating with:

How to configure Mend with Cortex

See the tabs below for instructions on configuring Mend SAST and Mend SCA.

Prerequisite

Before getting started, create an API token in Mend.

If you're using a self-hosted instance of Mend, you'll need to verify that your Cortex instance is able to reach the Mend instance. We route our requests through a static IP address. Reach out to support at [email protected] to receive details about our static IP. If you're unable to directly allowlist our static IP, you can route requests through a secondary proxy in your network that has this IP allowlisted and have that proxy route traffic to your Mend instance.

Configure the integration in Cortex

  1. In Cortex, navigate to the Mend settings page:

    1. In Cortex, click your avatar in the lower left corner, then click Settings.

    2. Under "Integrations", click Mend.

  2. Click Add configuration.

  3. Configure the Mend SAST integration form:

    • API token: Enter the API token you created in Mend.

  4. Click Save.

Advanced configuration

If you’re unable to expose your Mend instance to be reachable by Cortex, you can set up a Custom Integration Webhook.

How to connect Cortex entities to Mend

Discovery

By default, Cortex will use your associated Git repository (e.g. repo-name) as the "best guess" for the Mend SAST application name and the Mend SCA project name.

If your repository names don’t cleanly match the Mend SAST application names or Mend SCA project names, you can override this in the Cortex Service Descriptor.

Editing the entity descriptor

x-cortex-static-analysis:
  mend:
    applicationIds:
      - mend_id_1
      - mend_id_2
    projectIds:
      - project_id_1
      - project_id_2

The application IDs can be found in the Mend SAST web interface.

A project ID can be found in the Mend SCA web interface; while viewing the project, the ID appears in the URL after project;id=.

Expected results

Entity pages

From the Overview tab on an entity page, you can find vulnerabilities in the Code and Security block.

In the left sidebar of an entity, click Code & security > Mend to view the total number of vulnerabilities, a risk score, and a list of vulnerabilities including the risk rating and creation date.

Scorecards and CQL

With the Mend integration, you can create Scorecard rules and write CQL queries based on Mend projects and applications.

See more examples in the CQL Explorer in Cortex.

Check if Mend project is set

Check if entity has a registered Mend project

Definition: mend (==/!= null): Boolean

Examples

In a Scorecard, you can write a rule to make sure an entity has a Mend project set:

mend != null
Vulnerabilities

List of vulnerabilities, filterable on risk and source

Definition: mend.vulnerabilities(): List

Examples

In a Scorecard, you can write a rule to make sure an entity has fewer than 10 vulnerabilities from both SAST and SCA sources:

mend.vulnerabilities(source = ["SAST", "SCA"]).length < 10

You can write a rule to make sure an entity has fewer than 3 vulnerabilities with a risk level of "Medium" or "High":

mend.vulnerabilities(risk = ["Medium", "High"]).length <= 3

Still need help?

The following options are available to get assistance from the Cortex Customer Engineering team:

  • Email: [email protected], or open a support ticket in the in app Resource Center

  • Chat: Available in the Resource Center

  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.

Last updated

Was this helpful?