> For the complete documentation index, see llms.txt.
Skip to main content

Check out Port for yourself ➜ 

Mend.io

Loading version...

Port's Mend.io integration allows you to model Mend projects and SCA security findings in your software catalog and ingest data into them.

Supported resources ProjectSCA finding

Prerequisites

  • A Mend.io account with the Organization Administrator role in the organization you want to sync.
  • A Port organization with admin permissions.
  • A Mend.io activation key from the Port integration card in Mend.

Obtain the Mend activation key

  1. Log in to your Mend Platform tenant as an organization administrator, using your organization's Mend sign-in URL or SSO flow.

  2. Click the cog icon to open Settings.

  3. Select Integrations.

  4. Under Third-Party Platforms, click the Port.io card.

  5. Copy the activation key.

The activation key includes the integrator user, user key, Mend environment URL, and organization UUID. The integration derives the rest of the required Mend connection details from it.

For more information, see the Mend documentation.

Setup

Choose your preferred installation method below. Not sure which to pick? See the installation methods overview.

Activation key validation

A malformed or truncated activation key causes the integration to fail with Provide a valid Mend Activation key. If you see this error, copy the full activation key from Mend again and update the integration credentials.

Configuration

Port integrations use a YAML mapping block to ingest data from the third-party API into Port.

The mapping uses the JQ JSON processor to select, modify, concatenate, transform, and perform other operations on existing fields and values from the integration API.

Default mapping configuration

This is the default mapping configuration for this integration:

Default mapping configuration (Click to expand)
createMissingRelatedEntities: true
deleteDependentEntities: true
entityDeletionThreshold: 0
resources:
- kind: mend-project
selector:
query: 'true'
port:
entity:
mappings:
identifier: .uuid
title: .name
blueprint: '"mendProject"'
properties:
applicationName: .path
applicationUuid: .applicationUuid
createdAt: .creationDate
languages: '(.statistics.LIBRARY_TYPE_HISTOGRAM // {} | keys)'
lastScanned: 'if (.statistics.LAST_SCAN.lastScanTime // 0) > 0 then (.statistics.LAST_SCAN.lastScanTime / 1000 | todate) else null end'
totalCritical: '((.statistics.ALERTS.criticalSeverityVulnerabilities // 0) + (.statistics.IMG_SECURITY.imgCriticalVulnerabilities // 0))'
totalHigh: '((.statistics.ALERTS.highSeverityVulnerabilities // 0) + (.statistics.IMG_SECURITY.imgHighVulnerabilities // 0) + (.statistics.SAST_VULNERABILITIES_BY_SEVERITY.sastHighVulnerabilities // 0))'
totalMedium: '((.statistics.ALERTS.mediumSeverityVulnerabilities // 0) + (.statistics.IMG_SECURITY.imgMediumVulnerabilities // 0) + (.statistics.SAST_VULNERABILITIES_BY_SEVERITY.sastMediumVulnerabilities // 0))'
totalLow: '((.statistics.ALERTS.lowSeverityVulnerabilities // 0) + (.statistics.IMG_SECURITY.imgLowVulnerabilities // 0) + (.statistics.SAST_VULNERABILITIES_BY_SEVERITY.sastLowVulnerabilities // 0))'
dependencyFindingStats: .statistics.ALERTS
codeFindingStats: .statistics.SAST_VULNERABILITIES_BY_SEVERITY
containerFindingStats: .statistics.IMG_SECURITY

- kind: sca-finding
selector:
query: 'true'
port:
entity:
mappings:
identifier: .uuid
title: .name
blueprint: '"mendSCA"'
properties:
status: .findingInfo.findingStatus
severity: .vulnerability.severity
violations: if (.violations // 0) > 0 then true else false end
reachability: .reachability
malicious: if has("malicious") then .malicious else false end
description: .vulnerability.description
componentType: .component.componentType
componentName: .component.name
publishDate: .vulnerability.publishDate
detectedAt: .findingInfo.detectedAt
modifiedAt: .findingInfo.modifiedAt
cvssType: .vulnerability.type
cvssScore: .vulnerability.score
exploitMaturity: .threatAssessment.exploitCodeMaturity
epssScore: .threatAssessment.epssPercentage
cveLink: 'if .name then "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" + .name else null end'
mendLink: 'if .name then "https://www.mend.io/vulnerability-database/" + .name else null end'
topFix: .topFix
type: .component.dependencyType
suppressionReason: 'if .findingInfo.findingStatus == "SUPPRESSED" then .findingInfo.comment.comment else "" end'
suppressionDate: 'if .findingInfo.findingStatus == "SUPPRESSED" then .findingInfo.comment.date else null end'
relations:
project: .project.uuid

Monitoring and sync status

To learn more about how to monitor and check the sync status of your integration, see the relevant documentation.

Mapping & selectors per resource

Use the explorer below to view the default mapping and blueprint for each resource type.

Configure sync behavior

Mend currently has no first-class webhook support, so this integration relies on scheduled polling resyncs.

Each ordinary poll performs a delta sync. It fetches findings only for projects whose last scan time or creation date changed since the last successful sync.

The fullSyncIntervalMinutes parameter controls periodic forced full resyncs. The default is 720 minutes, or 12 hours.
A forced full resync bypasses the delta filter and picks up finding-only changes such as status transitions, suppressions, and edited fixes.

Set fullSyncIntervalMinutes to 0 if every poll should perform a full sync.

Limitations

  • Mend changes appear in Port only after the next scheduled resync.
  • Finding-only changes are picked up by the next forced full resync, which runs every 12 hours by default.
  • The default mapping uses entityDeletionThreshold: 0 because delta syncs intentionally skip unchanged projects. Raise this value only if your full sync interval enumerates all findings often enough for stale entity cleanup.
  • Each installation syncs one Mend organization. To sync multiple organizations, install one integration instance per organization.

Troubleshooting

Use Interactive mode to be guided through diagnostic checks, or Quick reference to scan the full list of issues and fixes.

What are you experiencing?

Select the issue that best matches your situation. We'll guide you through diagnosing and fixing it step by step.

For more help, visit the Port community or open a support ticket.