These release notes are for the Mend cloud solution, and do not apply to the on-premises solution that has its own release notes.

  • Release notes are subject to change until the actual release date. Note that Mend reserves the right to postpone the release of this page for up to and including 48 hours after the version’s actual release.

  • This page is "dynamic" and is subject to change between official releases. Mend reserves the right to modify this page retroactively. Check this page periodically between official releases to ensure you are up-to-date with all hotfixes, changes and additions to Mend's products.

Version 22.6.1 (26-June-2022)

New Features and Updates

Product

Description

Mend for GitLab
Mend for Bitbucket Server

Added a parameter that defines whether all Checks (Security, License, SAST, IaC) are named “Mend” or “WhiteSource” (e.g. “WhiteSource Security Check” or “Mend Security Check”).

  • Mend for GitLab - commitStatusSettings.useMendStatusNames

  • Mend for Bitbucket Server - buildSettings.useMendBuildNames

Resolved Issues

Product

Description

Mend for Azure Repos

A pull request check status would not be created if a space appeared in the project or repository name.

Version 22.5.2.1 (19-June-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for Azure Repos

Added a parameter that defines whether all Checks (Security, License, SAST, IaC) are named “Mend” or “WhiteSource” (e.g. “WhiteSource Security Check” or “Mend Security Check”).

  • GitHub - checkRunSettings.useMendCheckNames

  • Azure Repos - pullRequestStatusSettings.useMendStatusNames

Version 22.5.2 (12-June-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

The setup.cfg file is now supported for triggering a scan through the Unified Agent Controller.

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

Names of all Checks (Security, License, SAST, IaC) were changed from “WhiteSource” to “Mend”.

Mend for Bitbucket Server

Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via Issues.

Resolved Issues

Product

Description

Mend for Azure Repos

A Remediate pull request would not be created if a space appeared in the repository name.

Version 22.5.1 (29-May-2022)

New Features and Updates

Product

Description

Mend for GitHub.com
Mend for Azure Repos

The setup.cfg file is now supported for triggering a scan through the Unified Agent Controller.

Mend for GitHub.com

The SAST token can now be validated before initiating a scan.

Mend for GitHub.com

The application bot user was renamed from whitesource-for-github-com[bot]@users.noreply.github.com to mend-for-github-com[bot]@users.noreply.github.com.

...

Version 22.4.2 (15-May-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

A configuration error now occurs if the user fails to specify the hostType or matchHost parameters when setting hostRules for a private registry.

Mend for GitHub.com

Enabled SAST (Static Application Security Testing) scanning, a solution for performing deep and extensive security analysis of application source code.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

Scanning of .NET 6 projects is now supported.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

Dev dependencies in the NPM and Yarn projects will not be scanned by default.

...

Version 22.4.1 (1-May-2022)

New Features and Updates

Product

Description

Mend for GitLab

Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.

Mend for GitHub.com
Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

Added a new tag commitId to the Mend application Projects that will contain the latest scanned commit ID.

Mend for Azure Repos

The issueType setting was added to the issueSettings parameter of the Mend configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.

Mend for GitHub.com
Mend for Azure Repos

Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version.

Mend for GitHub.com
Mend for Azure Repos

Scanning of .NET 6 projects is now supported.

Mend for GitHub.com
Mend for Azure Repos

Dev dependencies in the NPM and Yarn projects will not be scanned by default.

Mend for GitHub.com
Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

Enabled Smart Fix for Java projects.

Version 22.3.3 (17-April-2022)

New Features and Updates

Product

Description

Mend for Bitbucket Server

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of a direct dependency (JavaScript only).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

Mend for GitHub.com
Mend for GitHub Enterprise

An option is now available to allow users to control Mend IaC check runs in the .whitesource / repo-config.json files.

Mend for GitLab

The issueType setting was added to the issueSettings parameter of the Mend configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

Python versions 3.8 and 3.9 are now supported when performing a scan with the SCM scanner.

Version 22.3.2 (3-April-2022)

New Features and Updates

Product

Description

Mend for GitHub.com
Mend for Azure Repos

Python version 3.9 is now supported when performing a scan with the SCM scanner.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

It is now possible to define a scope for migration to the Global Configuration - for all organizations or for all repositories of a specific organization.

Mend for GitLab

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

Mend for Azure Repos

Work Items will now be created and updated for all of the Processes: Basic, Agile, Scrum, and CMMI. Previously, only Basic was supported.

...

Version 22.3.1 (20-March-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

A new parameter overrideConfigAllowList was added to the repo-config.json file. This parameter regulates the ability of repositories that inherit their configuration from the whitesource-config repository to override the parameters locally.


Mend for GitHub Enterprise

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

Mend for GitHub.com

Repeated restarts no longer occur when performing a scan with the SCM scanner.

...

Version 22.2.2 (6-March-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitHub.com

A scan is now triggered when changes are made to the gradle.properties or gradle.lockfile file.

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Azure Repos

A new parameter customLabels was added to issueSettings in the .whitesource configuration file, enabling you to define labels that will be added to the issues created following a scan.

Mend for GitHub Enterprise
Mend for GitHub.com

A new parameter assignees was added to issueSettings in the .whitesource configuration file that specifies the users that will be assigned to issues that are created following a scan.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

The new caching mechanism is now enabled by default.

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

The scanning of NPM projects with lockfileVersion: 2 is supported.

Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab
Mend for Bitbucket Server
Mend for Azure Repos

Ruby bundler projects are now supported by Remediate.

...

Version 22.2.1 (20-February-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise

Mend for GitHub.com

Mend for GitLab

Mend for Bitbucket Server

Mend for Azure Repos

A scan will now be triggered when changes are made to a pipfile.lock file.

Mend for GitHub.com

Enabled defining a caching mechanism by setting the WS_CACHE_TYPE environmental variable in the Controller. You can choose local Redis caching instead of the previous default memory-based caching.

...

Version 22.1.1 (23-January-2022)

New Features and Updates

Product

Description

Mend for Azure Repos

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of a direct dependency (JavaScript only).

Mend for GitHub.com

Mend for Azure Repos

The default archive extraction depth is set to 0 for the scanner. To change this value, look for the configMode parameter in the .whitesource file.

Mend for GitHub.com

Mend for Azure Repos

The scanning of private Ruby registries is now supported.

...

Version 21.12.2 (9-January-2022)

New Features and Updates

Product

Description

Mend for GitHub Enterprise

Mend for GitHub.com

For Go, Python or Maven projects, when the manifest file (go.mod, Pipfile or pom.xml) is changed, the scan will be triggered only if the dependencies section is changed.

Mend for GitHub.com
Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab
Mend for Azure Repos

Check runs can be disabled from ever being created during the scan.

Mend for GitHub.com
Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab
Mend for Azure Repos

A new parameter workflowRules was added to remediateSettings in the .whitesource file that specifies the rules which regulate when to open remediation pull requests.

Mend Advise for VS Code

Yarn 1, 2, and 3 are supported.

...

Version 21.12.1 (26-December-2021)

New Features and Updates

Product

Description

Mend for GitHub.com

Mend for Azure Repos

The scanning of private Yarn 2 and Yarn 3 registries is now supported.

Mend for GitHub Enterprise

Mend for Bitbucket Server

Mend for GitLab

The scanning of private NuGet registries is now supported.

Mend for GitHub Enterprise

Mend for Bitbucket Server

Mend for GitLab

Gradle 7 projects are now supported.

Mend for GitHub Enterprise

Mend for GitHub.com

For NPM projects, when package.json is changed, the scan will be triggered only if the dependencies section is changed.
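The two entries above (for package.json, and for go.mod, Pipfile and pom.xml) describe the same rule: a manifest change only triggers a scan when its dependencies section changed. The following is an added example, not Mend's own code, showing that check for package.json; which sections count as "dependencies", and the fail-safe of scanning when a manifest cannot be parsed, are assumptions made here.

```javascript
// Added example (not Mend's code): decide whether a package.json change should
// trigger a dependency scan by comparing only its dependency sections.
// Which sections count as dependency sections is an assumption of this example.
const DEPENDENCY_SECTIONS = [
  "dependencies",
  "devDependencies",
  "peerDependencies",
  "optionalDependencies",
  "bundledDependencies", // array form
  "bundleDependencies",  // legacy spelling of the same array
];

// Canonical form of one section: sorted entries, so that re-ordering keys or
// reformatting the file does not count as a dependency change.
function canonicalSection(pkg, section) {
  const value = pkg[section];
  if (value === undefined || value === null) return [];
  if (Array.isArray(value)) return value.map(String).sort();
  return Object.keys(value)
    .sort()
    .map((name) => [name, String(value[name])]);
}

// Returns the names of the dependency sections whose content differs between
// the old and new manifest text. Throws on invalid JSON.
function changedDependencySections(beforeJson, afterJson) {
  const before = JSON.parse(beforeJson);
  const after = JSON.parse(afterJson);
  return DEPENDENCY_SECTIONS.filter(
    (section) =>
      JSON.stringify(canonicalSection(before, section)) !==
      JSON.stringify(canonicalSection(after, section))
  );
}

// Scan only when a dependency section changed. If either manifest is not valid
// JSON the safe choice (assumed here) is to scan, since the change cannot be
// classified.
function shouldTriggerScan(beforeJson, afterJson) {
  try {
    return changedDependencySections(beforeJson, afterJson).length > 0;
  } catch (err) {
    return true;
  }
}

// Constructed sample manifests for demonstration.
const SAMPLE_BEFORE = JSON.stringify({
  name: "demo-app",
  version: "1.0.0",
  scripts: { test: "jest" },
  dependencies: { express: "4.18.2", lodash: "4.17.20" },
  devDependencies: { jest: "29.0.0" },
});

// Only metadata changed: version bump, script edit, keys re-ordered.
const SAMPLE_METADATA_ONLY = JSON.stringify({
  version: "1.0.1",
  name: "demo-app",
  scripts: { test: "jest --ci" },
  devDependencies: { jest: "29.0.0" },
  dependencies: { lodash: "4.17.20", express: "4.18.2" },
});

// A runtime dependency range changed: this is what should trigger a scan.
const SAMPLE_DEP_BUMP = JSON.stringify({
  name: "demo-app",
  version: "1.0.1",
  scripts: { test: "jest" },
  dependencies: { express: "4.18.2", lodash: "4.17.21" },
  devDependencies: { jest: "29.0.0" },
});

console.log("metadata only ->", shouldTriggerScan(SAMPLE_BEFORE, SAMPLE_METADATA_ONLY));
console.log("dependency bump ->", shouldTriggerScan(SAMPLE_BEFORE, SAMPLE_DEP_BUMP),
  changedDependencySections(SAMPLE_BEFORE, SAMPLE_DEP_BUMP));
```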

Mend Advise for WebStorm

Mend for GitHub.com

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of a direct dependency (JavaScript only).

Version 21.11.2 (12-December-2021)

New Features and Updates

Product

Description

Mend for GitHub Enterprise

Mend for Bitbucket Server

Mend for Bitbucket Data Center

Mend for GitLab

The scanning of private Go and Yarn (Yarn 1) registries is now supported.

Mend for GitHub Enterprise

Mend for Bitbucket Server

Mend for Bitbucket Data Center

Mend for GitLab

Yarn 2 and Yarn 3 projects are now supported.

Mend for GitHub Enterprise

The scanning of private Gradle registries is now supported.

Mend for GitHub Enterprise

The scanning of private Python PIP registries is now supported.

Mend for GitHub.com

Mend for Azure Repos

The scanning of private NuGet registries is now supported.

Mend for GitHub.com

Mend for Azure Repos

Gradle 7 projects are now supported.

Mend for GitHub.com

Mend for GitHub Enterprise

Mend for Azure Repos

Check runs now ignore IaC issues that were manually closed by the user.

Mend Advise for Visual Studio Code

Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of a direct dependency (NPM only).

...

Version 21.11.1 (28-November-2021)

New Features and Updates

Product

Description

Mend Advise for IntelliJ IDEA

Mend Advise for PyCharm

Mend Advise for WebStorm

Additional user notifications are provided regarding vulnerability alerts when in Focus mode, for the IntelliJ, PyCharm, and WebStorm integrations.


Mend for GitHub.com

The scanning of Yarn 2 and Yarn 3 projects is now supported.

Mend for GitHub.com

The scanning of private Go and Yarn (Yarn 1) registries is now supported.

Mend for GitLab

Mend for Bitbucket Server

Mend for Bitbucket Data Center

The scanning of private Gradle and Python PIP registries is now supported.

Mend for GitHub.com

Mend for GitLab

Mend for Bitbucket Server

Mend for Bitbucket Data Center

Two tags will be added to the project in the Mend application when the respective repository is scanned for the first time:

  • repoFullName: Contains the repo context in the following mapping: {ownerName}/{repoName}@{branchName}

  • repoId: Contains the unique SCM repository ID.

Mend for Azure Repos

Mend for Azure Repos was launched in open beta.

...

Version 21.10.2 (14-November-2021)

New Features and Updates

Product

Description

Mend for GitHub.com

The scanning of private Gradle registries is now supported.

Mend for GitHub.com

The scanning of private Python PIP registries is now supported.

Mend Advise for Visual Studio

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.

...


Version 21.10.1 (31-October-2021)

New Features and Updates

Product

Description

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

Enabled cloning project files through Git shell commands.

Mend Advise for Visual Studio

The Diff operation is now enabled by default when the Mend Advise plugin is active.

Mend Advise for Visual Studio Code

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.

...


Version 21.9.1 (17-October-2021)

New Features and Updates

Product

Description

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Added support for NPM private registries, using an asymmetric encryption solution for scoped secrets/credentials in Repository Integrations.

Mend for GitHub.com
Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Added support for Maven private registries.

Mend for GitHub Enterprise

Expanded support for the Mend IaC Check: Terraform, CloudFormation, Kubernetes, ARM Template, Serverless, and Helm configuration files are now supported.

...

Version 21.8.2 (3-October-2021)

New Features and Updates

Product

Description

Mend Advise for IntelliJ IDEA

Mend Advise for PyCharm

Mend Advise for WebStorm

Mend Advise for Visual Studio Code

The Focus Mode allows developers to see only new vulnerability alerts in their feature branches compared to a predefined base branch.

This feature is now enabled by default.

Mend Advise for PyCharm

Mend Advise for WebStorm

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.

Mend for GitHub.com

(BETA) Added support for NPM private registries, using an asymmetric encryption solution for scoped secrets/credentials in Repository Integrations.

Mend for GitHub.com

Expanded support for the Mend IaC Check: Terraform, CloudFormation, Kubernetes, ARM Template, Serverless, and Helm configuration files are now supported.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Regular account repo-settings.json or global-settings.json files are now automatically populated with the settings from the whitesource-config account’s global-settings.json file.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Added a feature to save scan logs to a zip file after manual scanning from the Global Repo.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Python Conda projects are now supported in all Repo integrations.

Version 21.8.1 (29-August-2021)

New Features and Updates

Product

Description

Mend Advise for IntelliJ IDEA

An alert can be enabled to notify about newly added vulnerabilities when committing the code inside IntelliJ IDEA. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.

Mend for Bitbucket Server

  • Added parse validation and error notification via issues and commit status for configuration files.

  • Added inheritance configuration validation and error notification via issues and commit status.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Regular account repo-settings.json or global-settings.json files can now inherit settings from the “whitesource-config” account’s global-settings.json file.

Version 21.7.2 (15-August-2021)

New Features and Updates

Product

Description

Mend for GitLab

  • Added parse validation and error notification via issues and commit status for configuration files (.whitesource / repo-config.json / global-config.json).

  • Added inheritance configuration validation and error notification via issues and commit status.

Mend for GitHub.com
Mend for GitHub Enterprise

Users can now manually trigger scans for specific repositories.

Mend Advise for Visual Studio

Mend added developer focus mode for Visual Studio.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Added Remediate Worker Horizontal Scalability. This feature is used to scale Remediate to allow it to utilize additional containers, in order to process multiple repositories concurrently.

...

Version 21.7.1 (1-August-2021)

New Features and Updates

Product

Description

Mend for GitHub.com
Mend for GitHub Enterprise

Added inheritance configuration validation and error notification via issues and check runs.

Mend Advise for WebStorm

Mend added developer focus mode for WebStorm.

Mend Advise for Visual Studio Code

Mend added developer focus mode for Visual Studio Code.

...

Version 21.6.3 (18-July-2021)

New Features and Updates

Product

Description

Mend Advise for IntelliJ IDEA

  • Mend added developer focus mode for IntelliJ IDEA

  • Added aggregated fix suggestion for direct dependencies

  • Added support for custom build.gradle filenames

Mend Advise for PyCharm

  • Added aggregated fix suggestion for direct dependencies

Mend for GitHub.com
Mend for GitHub Enterprise

  • Added parse validation and error notification via issues and check runs for configuration files (.whitesource / repo-config.json / global-config.json).

Mend for GitHub Enterprise

  • Added a new parameter, branchProtectionRule, that automatically creates branch protection rules for newly onboarded repositories.

  • Provided a way to globally ignore all user accounts when installing the GitHub application. If a user account does install the application, it will automatically be uninstalled. Specific user accounts can still be included even when globally ignored, by using the exact names attribute.

Mend for GitHub Enterprise
Mend for GitLab
Mend for Bitbucket Server

  • Added environment variables to improve UA log consumption inside the scanner container.

...

Product

Description

Mend for GitHub.com

Mend has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

Previously, the only way to provide the integration's activation key to the Remediate container was by using a prop.json file.
Beginning in this version, the activation key is also supported as an environment variable called W4D_BOLT_OP_ACTIVATION_KEY (as an alternative to providing it as a prop.json file).

Mend Advise for IntelliJ
Mend Advise for WebStorm
Mend Advise for PyCharm
Mend Advise for Eclipse
Mend Advise for Visual Studio
Mend Advise for VS Code

Beginning in this version, you can configure the plugin/extension to alert only on detected vulnerabilities satisfying a given minimum severity level (as opposed to always showing Low, Medium and High severity vulnerabilities).

Mend Advise for WebStorm

Beginning in this version, Mend Advise will not scan the node_modules folder of a selected project.

...

Product

Description

Mend Advise for IntelliJ
Mend Advise for WebStorm
Mend Advise for PyCharm

Better handling when the developers' environment is disconnected from the internet or has no access to the Mend servers.

Mend Advise for Visual Studio

In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed.

Mend for GitHub.com

When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with Mend configuration files.

Mend for GitLab

When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication.

Version 21.3.1 (4-April-2021)

...

Product

Description

Mend Advise for IntelliJ IDEA
Mend Advise for WebStorm

An improved notification message is now displayed when no vulnerabilities are found in a scanned project.

Mend Advise for IntelliJ IDEA

Added support for the "apply from" script plugin in Gradle projects, which can reference a dependency file contained within the scanned project or outside of it.
NOTE: Remote script location is not supported.

Mend Advise for Eclipse
Mend Advise for Visual Studio

Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities).

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab
Mend for GitHub.com

For NPM projects only: added support for remediation of transitive npm packages when a package-lock.json is present.
NOTE: This functionality is disabled by default.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab
Mend for GitHub.com

Beginning in this version, a new Mend Security/License Check summary will be displayed in case a scan results in an empty inventory (as opposed to when one or more Security/License issues are detected).

Mend Remediate

Remediate sometimes, and Renovate often, needs to query github.com for tags and releases (e.g. for fetching release notes).
Customers using Renovate in particular will quickly be rate-limited by github.com if they do not provide authentication with every request. Guidelines on how to do that are provided in the Renovate documentation.

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

...

Product

Description

Mend Advise for PyCharm
Mend Advise for WebStorm

Mend has launched the Mend Advise for PyCharm and Mend Advise for WebStorm plugins, providing JetBrains developers with important information on security vulnerabilities in the open-source components used in their development projects.

Mend Advise for IntelliJ IDEA

  • Added support for IntelliJ IDEA 2020.2

  • Added support for IntelliJ IDEA 2020.3

  • Added support for displaying scan results in the Problems Tool window (in addition to the Inspection Results window).
    NOTE: This feature is available in version 2020.2 and above of the IDE.

Mend for Bitbucket Server
Mend for Bitbucket Data Center

From this version onwards, the Administration > Mend Integration page enables the Bitbucket administrator to select Projects to integrate with Mend, instead of Repositories.

Once a project is selected by the Bitbucket administrator, the project administrator will be able to access the Mend Integration page from the Project > Project settings page and decide which repositories within that project to integrate with Mend.

NOTE: Customers upgrading from an older version of the integration will be automatically migrated to the new Mend Integration model. This means that for each already integrated repository, the repository will be automatically selected inside the Project > Project settings page.

...

Product

Description

Mend Advise for IntelliJ IDEA

Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities.

Mend for Bitbucket Server
Mend for Bitbucket Data Center

In an integrated repository page, the Critical severity metric inside the Mend Security widget was modified to High in order to align with the Mend UI severity metrics.

...

Product

Description

Mend for GitHub Enterprise
Mend for GitHub.com

Added the ability to define an allowlist of GitHub Organizations and/or GitHub repository owners who can integrate with the Mend integration.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab

Global Repo Configuration:

  • Added the ability to migrate existing repositories to the Global Configuration for a specified list of repository owners only.

  • Added the ability to control whether a migration will trigger a Mend scan.

  • Added a new migration mode, fixInheritance, that updates the inheritedFrom parameter values in local .whitesource configuration files to point at the correct whitesource-config Global Configuration repository.

Mend Advise for Visual Studio Code

  • Added support for macOS.

  • Added a configuration setting that enables or disables scanning of devDependencies. The default is "disabled".

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.

...

Product

Description

Mend Advise for IntelliJ IDEA

The No proxy HTTP setting was ignored by the plugin.

Mend for Bitbucket Server
Mend for Bitbucket Data Center
Mend for GitHub Enterprise
Mend for GitLab

The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size.

Version 20.11.2 (6-December-2020)

...

Resolved Issues

Product

Description

Mend for GitHub Enterprise

Renovate config presets were not being resolved.

Mend for Bitbucket Server
Mend for Bitbucket Data Center

In the Mend Security Report (Code Insights), the table listing each vulnerability was not displayed correctly.

Version 20.11.1 (22-November-2020)

...

Product

Description

Mend Advise for IntelliJ
Mend Advise for Eclipse
Mend Advise for VS Code

  • When CVSS3 data was available for a vulnerability, Mend Advise displayed CVSS2 severity instead of CVSS3 severity information.

Mend Advise for IntelliJ

  • When no Mend suggested fix was available for a vulnerability, Mend Advise skipped the display of that vulnerability.

Version 20.10.2.1 (8-November-2020)

...

Product

Description

Mend for GitHub Enterprise

In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created.

Version 20.10.1.1 (25-October-2020)

...

Product

Description

Mend Advise for IntelliJ IDEA

  • Added support for Gradle

Mend for Bitbucket Server
Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab

  • The Mend Security Check now displays a summary of the number of total remaining vulnerabilities present on the base branch. NOTE: Both the baseBranches and displayMode configuration parameters need to be used, and the displayMode parameter needs to be set to diff.

Mend for Bitbucket Server

In the Mend Integration page:

  • When selecting repositories to integrate with Mend, it is now possible to search for a particular repository name.

  • Clear Selection button was added in order to clear selected repositories after having selected multiple repositories via the Selected repositories only option.

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.

...

Product

Description

Mend for Bitbucket Server

  • The Mend Add-on had a limitation where you could only integrate up to 1,000 repositories.

  • In the Global Repo Configuration, it was not possible to specify a Project Key when using the ignoredRepos parameter inside the global-config.json file.

Mend for Bitbucket Server
Mend for GitHub Enterprise
Mend for GitHub.com
Mend for GitLab

  • Remediate - No fix Pull Request/Merge Request was generated for library yaml.v2-v2.2.2.

  • When Global Repo Configuration was enabled, in some cases, scans were not triggered after a valid push was performed.

Version 20.9.2 (11-October-2020)

...

Product

Description

Mend for Bitbucket Server,
Mend for GitHub Enterprise,
Mend for GitHub.com,
Mend for GitLab

  • Global Repo Configuration: Ability to exclude specific repositories from the integration. A new parameter ignoredRepos was added to the global-config.json file.

  • The following features are supported only when using the baseBranches configuration:

    • When a scan is triggered, any existing Issue content will be updated if a change occurred (for example, when an additional base branch contains the same issue, or if the severity of a vulnerability was modified)

    • When a scan is triggered, if a previously auto-closed Issue has resurfaced inside a repository, Mend will re-open the closed issue and add a comment to it to specify the reason for re-opening. NOTE: In Mend for Bitbucket Server, a new Issue will be opened in such cases, and no comment will be added.

Mend for Bitbucket Server,
Mend for GitHub Enterprise,
Mend for GitLab

  • Added a new parameter, controller.url, to the UI configuration tool used when configuring the deployment file (prop.json). It lets you modify the name of the App container (the default is wss-ghe-app/wss-gls-app/wss-bb-app).

Mend Advise for Visual Studio Code

  • Ability to perform an automatic scan after activating the extension or after changes are applied to any of your workspace folders (for example, a new folder is added or an existing project is re-built). A new parameter, Enable Automatic Scanning in Workspace, was added to the extension settings (enabled by default).

  • Added performance enhancements.

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.1 of the Unified Agent.

...

Product

Description

Mend for Bitbucket Server,
Mend for GitHub Enterprise,
Mend for GitHub.com,
Mend for GitLab

  • Global Repo Configuration: When adding the whitesource-config repository to the integration, a README file is automatically generated with instructions on how to start.

  • When removing and then re-adding a repository to the integration, its associated Mend Project will now be re-used instead of creating a new project with a numbered prefix. NOTE: Existing projects containing the numbered prefix will remain with the prefix. To remove this prefix, delete the relevant Mend project and in the next valid push, a new project will be created with the correct naming convention.

  • The following features are supported only when using the baseBranches configuration:

    • Mend Security Check summary: Added the ability to only show the diff of detected vulnerabilities between the current commit and its base branch commit, for non-base branches. A new configuration parameter displayMode was added for this purpose, and it contains two options ("baseline" and "diff"). Newly integrated repositories will automatically inherit the "diff" functionality. Refer to the relevant integration's ".whitesource File" section for more information.

    • Issues generated by the integration that are no longer part of the Mend project inventory (due to alerts being ignored or libraries being removed) will be auto-closed by the integration upon the next valid push. NOTE: In Mend for Bitbucket Server, such issues will be deleted (instead of closed).

    • The originating branch of a detected security vulnerability is now added to the content of an Issue (inside the Vulnerable Library section).

Mend Advise for Visual Studio Code

  • Added performance enhancements.

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.

Resolved Issues

  • Mend for GitHub.com, Mend for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.

Version 20.7.2 (3-August-2020)

...

Product

Description

Mend Advise for Eclipse, Mend Advise for IntelliJ IDEA

  • Added minor enhancements.

Mend for Bitbucket Server,
Mend for GitHub Enterprise,
Mend for GitHub.com,
Mend for GitLab

  • (BETA) Ability to migrate existing repositories to inherit a global configuration

  • After a vulnerable source library is introduced on an integrated repository, more details on the specific vulnerable source file(s) are now displayed both inside the generated issue and inside the Mend Security Check (as part of a Check Run for GitHub.com/GitHub Enterprise, a Commit Status for GitLab, and a Build Status for Bitbucket Server).

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.

Resolved Issues

  • Mend for GitHub.com, Mend for GitHub Enterprise: When the content of a "Mend Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.

  • Mend for Bitbucket Server, Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.

Version 20.7.1.1 (23-July-2020)

...

Product

Description

Mend Advise for Visual Studio

  • Added support for scanning non-SDK-style projects (such as VSIX extensions) that generate an assets file.

  • Added performance enhancements.

Mend for Bitbucket Server,
Mend for GitHub Enterprise,
Mend for GitHub.com,
Mend for GitLab

  • Added support for the Poetry package manager.

  • (BETA) Ability to generate a global configuration, to be applied to all newly-selected repositories. This requires the creation of a new repository called whitesource-config which will contain the configuration file template. In addition, it is now possible to define and apply one of the following onboarding options for all your newly-selected repositories:

    • Create an onboarding PR/MR including the .whitesource configuration file with inherited configuration

    • A .whitesource configuration file with inherited configuration will immediately be pushed to the default branch of all integrated repositories without creating any onboarding PRs/MRs

    • Integrated repositories will be scanned without creating a .whitesource file or onboarding PR/MR

  • This version introduces the ability to specify multiple base branches. A new parameter baseBranches was added to the .whitesource configuration file for this purpose. Specifying one or more base branches in this parameter means that:

    • For each specified branch, scanning results will be sent to a new Mend Project containing the branch name as a suffix.

    • An Issue will only be created for the specified branch names.

    • For existing integrated repositories which do not contain the baseBranches parameter, Issues will be generated for all branches.

  • After a valid push is performed on an integrated repository, the Mend Security Check now displays more information, such as the dependency hierarchy and a suggested fix (as part of a Check Run for GitHub.com/GitHub Enterprise, a Commit Status for GitLab, and a Build Status for Bitbucket Server).

Mend for Bitbucket Server

  • Users with Write (in addition to Admin) permissions on an integrated repository can now see the Mend Integration tab inside the Bitbucket Server instance.

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.

Resolved Issues

  • Mend for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.

Version 20.6.1.1 (23-June-2020)

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.

Resolved Issues

  • Mend for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.

Version 20.4.2.2 (17-May-2020)

New Features & Updates

Product

Description

Mend for GitHub Enterprise

  • From this version onward, the Remediate database image and container (remediate-db) will no longer be required as part of the integration. Instead, Remediate will operate in-memory.

Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab

  • Support for Gradle Kotlin projects

  • Support for Gradle in Mend Remediate

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.

Resolved Issues

  • Mend for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.

Version 20.3.1 (29-March-2020)

New Features & Updates

Product

Description

Mend for GitHub.com

Support for Gradle Kotlin projects

NOTE: The GitHub.com integration in this version supports version 20.3.1 of the Unified Agent.

...

New Features & Updates

Product

Description

Mend for GitHub.com

Support for Gradle in Mend Remediate

Mend for Bitbucket Server

  • From this version onward, the Remediate database image and container (remediate-db) will no longer be required as part of the integration. Instead, Remediate will operate in-memory.

  • Improved usability and enhanced control over Mend scanning. An onboarding Pull Request is now generated on each selected repository when the Mend add-on is configured. A .whitesource configuration file is part of the PR, and Mend only starts scanning the repository once the PR is merged.

  • Using the new projectToken configuration parameter in the .whitesource configuration file, it is now possible to map a Bitbucket repository to an existing Mend project. This provides added flexibility in terms of organizing projects in Mend originating from various integrations.

  • The .whitesource configuration file now includes a configMode parameter, which lets you use an existing Unified Agent configuration file. This can be done either by providing a local Unified Agent configuration file or by fetching the configuration file from an external location using the configExternalURL parameter.

  • This version introduces the ability to generate fix PRs on-demand without defining workflow rules in advance.
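The parameters introduced in these notes (baseBranches and displayMode in version 20.7.1.1 and later, and configMode and configExternalURL for Bitbucket Server above) all live in the repository's .whitesource file. The following is an added example of such a file; it is not taken from Mend's documentation or from any repository the notes describe. The parameter names are the ones the notes mention, but their placement under a scanSettings section and a checkRunSettings section (the GitHub.com/GitHub Enterprise layout; the check section is named commitStatusSettings for GitLab and buildSettings for Bitbucket Server), the configMode value "EXTERNAL", the branch names and the URL are assumptions made for the example.

```json
{
  "scanSettings": {
    "baseBranches": ["main", "release/2.x"],
    "configMode": "EXTERNAL",
    "configExternalURL": "https://config.example.internal/unified-agent/wss-unified-agent.config"
  },
  "checkRunSettings": {
    "displayMode": "diff"
  }
}
```

Read against the notes above: with baseBranches set to main and release/2.x, scan results for each of those branches go to a separate Mend Project whose name carries the branch name as a suffix, and Issues are generated only for those two branches rather than for every branch that is pushed. With displayMode set to "diff", the Mend Security Check on a feature branch lists only the vulnerabilities that are not already present on its base branch (plus the summary count of what remains on the base branch), which is the setting to prefer when reviewers should see what a pull request introduces; "baseline" shows the full list instead. The configMode/configExternalURL pair pulls the Unified Agent configuration from a central location instead of keeping a copy in each repository, so the scan settings can be reviewed and changed in one place; the projectToken parameter, when a repository should map to an existing Mend project, is assumed to sit in the same scanSettings section and is left out here. JSON allows no comments, which is why the explanation is in this paragraph rather than in the file.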

...