Versions Compared

Old Version 2

changes.mady.by.user Michelle Friedman

Saved on

compared with

New Version Current

changes.mady.by.user Angela Ruhstorfer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Getting Started With Mend SAST

  1. Open an account with Mend.

  2. Click on the link in the welcome email you receive from Mend.

...

3. In the RESET PASSWORD window, enter your password twice and click RESET PASSWORD.

...

4. In the LOGIN window, enter your username and password and click LOG IN.

...

5. In the DASHBOARD window, click SETTINGS in the menu bar on the left.

...

6. Click API TOKEN.

...

7. Click + GENERATE TOKEN.

...

8. Click the copy icon.

...

9. Download the latest production CLI from:

https://downloads-sast.whitesourcesoftware.com/sast-cli/linux/wssastcli

https://downloads-sast.whitesourcesoftware.com/sast-cli/windows/wssastcli.exe

MacOS

NOTE: On MacOS, you must install Docker before configuring Mend SAST. For more information, see (https://docs.docker.com/ .

https://downloads-sast.whitesourcesoftware.com/sast-cli/mac/wssastcli

https://downloads-sast.whitesourcesoftware.com/sast-cli/macarm/wssastcli

10. Configure the CLI by starting the wssastcli executable without command line parameters from the terminal of your choice. You will be prompted with an interactive setup.

...

NOTE: In some environments the CLI does not exit the interactive setup when users presses Ctrl+C. Cancellation is also possible by pressing Esc and typing“exit”, or by pressing Ctrl+E.

11. Enter the Server URL and API Token.

12. You will be prompted with an optional advanced configuration, in which you can configure your scans.

...

13. After the configuration is completed, a wscli-config.json file will be created with all the set parameters inside.
Below is an example wscli-config.json file. All of these JSON parameters can also be specified as environment variables. A full list can be found in the User Guide.

Code Block
{
    "connection": {
        "token": "………………………………………………………………………",
        "url": " ",
        "organizationId": "……………………………………………………………",
        "timeoutMin": 10,
        "insecureSkipVerify": false
    },
    "proxy": {
        "enabled": false,
        "url": "",
        "username": "",
        "password": ""
    },
    "cachePath": "",
    "scans": {
        "engines": [],
        "directory": "",
        "application": "",
        "template": "",
        "submitFiles": true,
        "submitLogs": true,
        "snippetSize": 10,
        "exclusions": [],
        "incremental": false,
        "uploadBaseline": false,
        "baselineStorage": "",
        "threshold": {
            "high": 0,
            "medium": 0,
            "low": 0,
            "cwe": []
        }
    },
    "reports": {
        "generate": false,
        "formats": [],
        "filename": ""
    },
    "noColor": false,
    "noProgress": false
}

14. To run your first scan, set the --app parameter to the name of the application that you are scanning (which will be automatically created in your SAST dashboards) as well as the --dir parameter if it is not already set through the interactive advanced configuration.
Command line parameters can override any configuration set in JSON files. For example:

Code Block
wssastcli --app "MyFirstApp" --dir "C:\projects\myproject"

15. The CLI and engine logs will be automatically submitted to the SAST server, but if you want to manually review them, they are located under the user's HOME directory (%USERPROFILE% on Windows and $HOME on Linux), in the .sastcli/logs directory.

The --help parameter

You can run wssastcli with the --help parameter to get more information about supported command line parameters.

NOTE: Complete Mend CLI documentation can be found here.

...

breakoutModewide

...

This page is available at Mend’s new Knowledge Hub, here: Initial Setup