Overview

The Requests Dashboard features a variety of options that provide a complete view of the status of requests in your organization.

Most customers who wish to avoid using libraries with security vulnerabilities or restrictive licensing in their software may not have an internal approval mechanism in place to review libraries before developers add them to the production code.

The Mend approval process provides customers with a way of reviewing new libraries added to their inventory before they are included in the production code. A plugin request is an API call sent from the UA (Unified Agent) to the WS server containing the results of a scan executed on a customer’s machine or build server. The request contains information about the organization’s products, as well as packages and source files detected during the scan and the relationship between those packages (i.e., the dependency hierarchy).

...

Mend generates a library approval request (aka Pending Request) every time a new library is added to a project and the open-source library code is scanned for vulnerabilities and security issues.

If the library contains no risk (i.e., the correct licenses are in the code and there are no security vulnerabilities), the Approve action can be applied to the update request for the library. The request will be automatically closed. The library will be combined with the security tests of the organization’s open-source code.

If the library contains unacceptable security vulnerabilities, the policy that matches this library will reject it. If one or more libraries were rejected by a policy, the Agent returns a policy violation exit code, which can be used to fail a build. In such a case, the library will not be updated in the inventory, unless the Agent is configured to update it regardless of policy violations. To view a history of the policy violations from different scans, see the Plugin Policy Violation History Report.
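The exit-code behaviour described above can be turned into a build gate that also fails closed when the scan itself breaks. This is an added example, not Mend's own code: `scan_gate` and `POLICY_VIOLATION_RC` are hypothetical names, and the value 254 (how a POSIX shell reports an exit status of -2) is an assumption to confirm against the documentation for your agent version.

```shell
#!/bin/sh
# Added example: CI gate driven by the scan's exit code.
# Assumption: a policy violation is reported as exit status -2, which a
# POSIX shell sees as 254. Override POLICY_VIOLATION_RC if yours differs.
POLICY_VIOLATION_RC="${POLICY_VIOLATION_RC:-254}"

# scan_gate CMD [ARGS...]
# Runs the scan command and prints exactly one verdict word on stdout:
#   pass              scan finished and no library was rejected by a policy
#   policy_violation  at least one library was rejected by a policy
#   scan_error        any other non-zero exit; treated as a failure so a
#                     broken or unreachable scan never looks like a clean one
# Returns 0 only for "pass", so the caller can fail the build on anything else.
scan_gate() {
    scan_rc=0
    # The command's own output goes to stderr; stdout carries only the verdict.
    # "|| scan_rc=$?" keeps this safe when the caller runs under "set -e".
    "$@" >&2 || scan_rc=$?
    case "$scan_rc" in
        0) echo pass; return 0 ;;
        "$POLICY_VIOLATION_RC") echo policy_violation; return 1 ;;
        *) echo scan_error; return 2 ;;
    esac
}

# Constructed stand-ins for a real scan, one per outcome.
for stub in 'exit 0' 'exit 254' 'exit 1'; do
    verdict=$(scan_gate sh -c "$stub") || true
    echo "stub '$stub' -> $verdict" >&2
done

# In a pipeline the stub is replaced by the real agent invocation, e.g.
# (assumed invocation, adjust paths to your setup):
#   scan_gate java -jar wss-unified-agent.jar -c wss-unified-agent.config || exit 1
```

If the Agent is configured to update the inventory regardless of policy violations, the gate still fails the build, because it acts on the exit code rather than on whether the inventory was updated.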

Accessing the Requests Dashboard

  1. Open the Mend Home page.

  2. From the menu bar, select Dashboards > Requests. The Requests Dashboard is displayed.

NOTE: Clicking the History button at the top right of the screen opens the Requests History Report that provides details about all requests in an organization for all statuses.

The Requests Dashboard contains the following panels of information:

  • Time to Respond

  • Number of Requests

  • Statistics

  • Pending Tasks

  • Requested by Me

Viewing the Response Times

The Time to Respond chart displays the time (in minutes) taken to approve, reject, and respond to update requests in an organization. The numbers of approved, rejected, and response requests are also provided in text and histogram format. In the following example, it took just under 4 minutes to reject 388,666 requests.

...

Viewing the Number of Requests

The Number of Requests graph displays the number of update requests that were open (color-coded blue) or closed (color-coded red) for the selected context (organization, product, or project) every two weeks. Hovering over a data point displays the exact number of requests.

...

Viewing Statistics about Requests

The Statistics panel lists:

  • Number of approved requests, also shown as a percentage of overall requests

  • Number of rejected requests, also shown as a percentage of overall requests

  • Time taken to approve the requests

  • Time taken to reject the requests

  • Time taken to respond to the update requests in the organization

Viewing Pending Tasks

For every new library that is added to a project following an update request, Mend generates a library approval request (aka Pending Task). The Pending Tasks panel lists the as-yet-unanswered requests sent from the plugins regarding approval for the new libraries.

The following information is displayed per pending request:

...

From: Name of the user that initiated the request

...

Library: Name of the open-source library. Click the library name to open its Library Details page.

...

Project: Project in which the library is located

...

Product: Product in which the library is located

...

Date: Date the request was made

The buttons displayed above the list enable you to:

  • More Information: Display further details about selected requests in the list.

  • Approve: Approve selected requests in the list.
    Note: The policy that triggered the action on the pending request will be displayed in the Pending Tasks Approval page.

  • Reject: Reject selected requests in the list.

Viewing User Requests

The Requested by Me panel displays the update requests that were sent by the user from the plugins regarding approval for the new libraries.

The following information is displayed per request:

...

Description: Description of the request

...

Project: Project in which the library is located

...

Status: Current status of the request (Open, Pending, Closed)

...

Approver: Name of the person assigned to approve the request

...

Approvers Group: Group of people assigned to review the request

...

Date: Date the request was made

Clicking More… opens the Request History Report that provides details about all requests in the organization for all statuses.

See Also:

...

The Plugin Request History Report

...

This page is available at: https://docs.mend.io/bundle/sca_user_guide/page/requests_dashboard.html