# Mend

{% hint style="info" %}
Cortex connects to many third-party vendors whose system interfaces frequently change. As a result, integration behavior or configuration steps may shift without notice. If you encounter unexpected issues, check with your system administrator or refer to the vendor's documentation for the most current information. Additionally, integration sync times vary and are subject to scheduling overrides and timing variance.
{% endhint %}

## Overview

[Mend](https://www.mend.io/) is an automated application security and remediation platform. Integrate Cortex with Mend to drive insights into potential vulnerabilities in your code and your third-party libraries.

Cortex supports integrating with:

* [Mend Static Application Security Testing (SAST)](https://www.mend.io/sast-lp): This product scans for vulnerabilities in the code you write.
* [Mend Software Composition Analysis (SCA)](https://www.mend.io/sca/): This product scans for vulnerabilities in your third-party libraries.

## How to configure Mend with Cortex

See the tabs below for instructions on configuring Mend SAST and Mend SCA.

To modify the integration configuration, see [Modifying an existing integration configuration](/ingesting-data-into-cortex/integrations.md#modifying-an-existing-integration-configuration).

{% tabs %}
{% tab title="Mend SAST" %}
**Prerequisite**

Before getting started, [create an API token in Mend](https://docs.mend.io/legacy-sast/latest/api-token).

If you're using a self-hosted instance of Mend, you'll need to verify that your Cortex instance is able to reach the Mend instance.\
\
We route our requests through a static IP address. Reach out to support at <help@cortex.io> to receive details about our static IP. If you're unable to directly allowlist our static IP, you can route requests through a secondary proxy in your network that has this IP allowlisted and have that proxy route traffic to your Mend instance.

**Configure the integration in Cortex**

1. In Cortex, navigate to the [Mend settings page](https://app.getcortexapp.com/admin/integrations/mend):
   * Click **Integrations** from the main nav. Search for and select **Mend**.
2. Click **Add configuration**.
3. Configure the Mend SAST integration form:
   * **API token**: Enter the API token you created in Mend.
4. Click **Save**.
   {% endtab %}

{% tab title="Mend SCA" %}
**Prerequisite**

Before getting started, create an [Organization API key](https://docs.mend.io/legacy-sca/latest/global-organization-product-project-api) and a [user key](https://docs.mend.io/legacy-sca/latest/user-level-access-control-in-integrations-and-apis) in Mend.

If you're using a self-hosted instance of Mend, you'll need to verify that your Cortex instance is able to reach the Mend instance.\
\
We route our requests through a static IP address. Reach out to support at <help@cortex.io> to receive details about our static IP. If you're unable to directly allowlist our static IP, you can route requests through a secondary proxy in your network that has this IP allowlisted and have that proxy route traffic to your Mend instance.

**Configure the integration in Cortex**

1. In Cortex, navigate to the [Mend settings page](https://app.getcortexapp.com/admin/settings/mend):
   1. In Cortex, click your avatar in the lower left corner, then click **Settings**.
   2. Under "Integrations", click **Mend**.
2. Click **Add configuration**.
3. Configure the Mend SCA integration form:
   * **Organization type**: Select `Global` or `Single`.
   * **Organization API token**: Enter your Global organization key or a single organization key.
     * This can be found in Mend SCA under the [Integrate tab](https://saas.mend.io/Wss/WSS.html#!adminOrganization_integration).
   * **User key**: Enter your Mend user key.
     * This can be found in Mend under **User profile > User keys**.
   * **URL type**: Select your Mend URL type depending on the server URL for your Mend instance.
     * Select **NEW** if the server URL is `saas.mend.io`.
     * Select **LEGACY** if the server URL is `saas.whitesourcesoftware.com`.
     * Select **CUSTOM** if using a dedicated instance.
   * **Custom URL**: If using a dedicated instance, enter your Mend server URL.
4. Click **Save**.
   {% endtab %}
   {% endtabs %}

### Advanced configuration

If you’re unable to expose your Mend instance to be reachable by Cortex, you can set up a Custom Integration Webhook.

## How to connect Cortex entities to Mend

#### Discovery

By default, Cortex will use your associated Git repository (e.g. `repo-name`) as the "best guess" for the Mend SAST application name and the Mend SCA project name.

If your repository names don’t cleanly match the Mend SAST application names or Mend SCA project names, you can override this in the Cortex Service Descriptor.

#### Editing the entity descriptor

```yaml
x-cortex-static-analysis:
  mend:
    applicationIds:
      - mend_id_1
      - mend_id_2
    projectIds:
      - project_id_1
      - project_id_2
```

The application IDs can be found in the Mend SAST web interface.

A project ID can be found in the Mend SCA web interface; while viewing the project, the ID appears in the URL after `project;id=`.
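The helper below is an added example, not part of Cortex's or Mend's own tooling. It pulls the project ID out of Mend SCA project URLs and renders the descriptor block shown above. The hostname, URL path, allowed ID characters, and the choice to omit a key that has no IDs are assumptions; only the `project;id=` marker comes from this page.

```python
import re

# The page says the ID follows "project;id=" in the project's URL. The
# character class for the ID itself is an assumption (letters, digits, _ and -).
_PROJECT_ID = re.compile(r"project;id=([\w-]+)", re.ASCII)
_SAFE_ID = re.compile(r"[\w-]+", re.ASCII)


def project_id_from_url(url):
    """Return the Mend SCA project ID embedded in a project URL."""
    match = _PROJECT_ID.search(url)
    if match is None:
        raise ValueError(f"no 'project;id=' segment in {url!r}")
    return match.group(1)


def _unique(ids):
    """Drop duplicates, keep first-seen order, reject values unsafe for YAML."""
    seen = []
    for value in ids:
        if not _SAFE_ID.fullmatch(value):
            raise ValueError(f"unexpected characters in ID {value!r}")
        if value not in seen:
            seen.append(value)
    return seen


def mend_descriptor_block(application_ids, project_urls):
    """Render the x-cortex-static-analysis block in the layout this page shows."""
    lines = ["x-cortex-static-analysis:", "  mend:"]
    sections = (
        ("applicationIds", _unique(application_ids)),
        ("projectIds", _unique(project_id_from_url(u) for u in project_urls)),
    )
    for key, values in sections:
        if values:  # assumption: a key with no IDs is left out entirely
            lines.append(f"    {key}:")
            lines.extend(f"      - {v}" for v in values)
    if len(lines) == 2:
        raise ValueError("no Mend application or project IDs supplied")
    return "\n".join(lines) + "\n"


# Constructed sample input: hostname, path and IDs are placeholders.
SAMPLE_URLS = [
    "https://mend.example.com/Wss/WSS.html#!project;id=project_id_1",
    "https://mend.example.com/Wss/WSS.html#!project;id=project_id_2",
    "https://mend.example.com/Wss/WSS.html#!project;id=project_id_1",
]

if __name__ == "__main__":
    print(mend_descriptor_block(["mend_id_1", "mend_id_2"], SAMPLE_URLS))
```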

## Using the Mend integration

### Entity pages

From the **Overview** tab on an entity page, you can find vulnerabilities in the **Code and Security** block.

In the left sidebar of an entity, click **Code & security > Mend** to view the total number of vulnerabilities, a risk score, and a list of vulnerabilities including the risk rating and creation date.

### Scorecards and CQL

With the Mend integration, you can create Scorecard rules and write CQL queries based on Mend projects and applications.

See more examples in the [CQL Explorer](https://app.getcortexapp.com/admin/cql-explorer) in Cortex.

<details>

<summary>Check if Mend project is set</summary>

Check if entity has a registered Mend project

**Definition:** `mend (==/!= null): Boolean`

**Examples**

In a Scorecard, you can write a rule to make sure an entity has a Mend project set:

```
mend != null
```

</details>

<details>

<summary>Vulnerabilities</summary>

List of vulnerabilities, filterable on risk and source

**Definition:** `mend.vulnerabilities(): List`

**Examples**

In a Scorecard, you can write a rule to make sure an entity has fewer than 10 vulnerabilities from both SAST and SCA sources:

```
mend.vulnerabilities(source = ["SAST", "SCA"]).length < 10
```

You can write a rule to make sure an entity has fewer than 3 vulnerabilities with a risk level of "Medium" or "High":

```
mend.vulnerabilities(risk = ["Medium", "High"]).length < 3
```

</details>

### View integration logs <a href="#still-need-help" id="still-need-help"></a>

{% hint style="info" %}
This feature is available in Cortex cloud.
{% endhint %}

While viewing an integration's settings page, click the **Logs** tab to view error logs from the last 7 days. You can filter the logs list by configuration and by operation (for example, you could filter to view errors surfaced only via Scorecards).

<div align="left" data-with-frame="true"><figure><img src="/files/x8JmoPqXZTJ7YHeFJpOA" alt="The &#x27;Logs&#x27; tab on an integration&#x27;s settings page shows error information over the past 7 days."><figcaption></figcaption></figure></div>

Click into a row to get more information, including time stamp, status code, full error, and request path.

## Still need help? <a href="#still-need-help" id="still-need-help"></a>

The following options are available to get assistance from the Cortex Customer Engineering team:

* **Email**: <help@cortex.io>, or open a support ticket in the in-app Resource Center
* **Slack**: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a `:ticket:` reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.

