Versions Compared

Old Version 71

changes.mady.by.user Michelle Friedman

Saved on

compared with

New Version Current

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents
maxLevel5

General Information

Mend Advise allows your developers to view a snapshot of a component’s details before they download it to their repository, and incorporate it in the codebase. It is delivered as a Chrome or Microsoft Edge (from version 83) extension.

Mend Advise quickly identifies open source component installation references on Web pages such as StackOverflow, Maven Central, and RubyGems. See also Supported Repositories.

When in the page, a simple click on the icon enables developers to view important details to help them decide whether or not to add a new component. Details include known vulnerabilities, quality scores, and whether the component is currently in use within your organization.

Installing Mend Advise as an External User

Inviting an External User (for Mend Administrators Only)

The Mend account administrator has the option to invite users to download and use Mend Advise by doing the following:

  1. From the Mend application, click Admin > Advise for Chrome Management. The Advise for Chrome Management screen is displayed.
  2. In Add Users by Email pane, in Emails, add the email addresses of all the users for whom you want to receive an invitation via email.
    Note: Ensure each email address is entered on a separate line.

Installing Mend Advise (for Invited Users)

Invited (external) users will receive a link via an email invitation in order to complete the installation.

Info

For Admins to Know: Ensure that the email link is opened in the relevant browser (Chrome / Microsoft Edge). The browser also marks these references in the relevant web pages. If Chrome or Microsoft Edge are not the default browser, then you must copy and paste the email link in either Chrome / Microsoft Edge. 

Mend Advise scans web pages for open-source installation references. To perform these functions, it requires permissions to read and write on web pages. You must approve these permissions (no browsing history information is saved).

...

Image Removed

...

Image Removed

     III. Change the URL to one of the following depending on where your service is hosted: 

          http://app.whitesourcesoftware.com
          http://app-eu.whitesourcesoftware.com
          http://saas-eu.whitesourcesoftware.com
          http://<DEDICATED INSTANCE>.whitesourcesoftware.com
          http://<ONPREM URL>
     

     IV. Click Save.
     V. Click the lower right configuration icon to exit the configuration screen

5. Enter the user's email and submit. A verification email will be sent.
6. Open the verification email and click on the "verify link."

Activating Mend Advise via the Profile Page (Mend Users Only)

Existing Mend users can activate the Mend Advise from their 'Profile' page without having an administrator send an invitation. This option is done via the following steps:

...

page

...

is

...

NOTE: You have the option to deactivate Mend Advise on your organization by clicking Deactivate. 

Info
titleOn-Premises Deployments

Mend Advise is supported out of the box for on-premises installations. In the extension Settings page, the destination URL can be manually changed to point to the on-premises Mend instance.  This is done by going to Settings > modify (next to Destination) and entering the updated destination URL.  

Using Mend Advise

The following are the methods used for maximizing the Mend Advise functionality. For a list of repositories and platforms supported by each of these methods, refer to the table in Supported Repositories and Platforms.

1. Browse for a specific library version page by URL

For example, go here for a MVN repository library.

You can view the Mend selection plugin red mark when a library is identified.

Image Removed

Sample specific library pageImage Removed

2. Browse any Web page via a text pattern search

You can scan any Web page for open source component installation references, by clicking on the Mend Advise extension icon.

It will scan the page and detect all package references where/when available.

Image Removed

Any open source component installation reference (such as "pypi install", "gem install", etc.) will be highlighted.

Mend Advise searches for the following text patterns in these languages:

...

Code Block
pip install {package name}=={version}

Ruby (bundler)

One of the following

Code Block
gem install {package name}={version}
Code Block
gem install {package name}:{version}

JavaScript (NPM)

Code Block
npm install {package name}@{version}

.NET (NuGet)

One of the following:

Code Block
install-package {package name} –package {version}
Code Block
update-package {package name} –package {version}
Code Block
nuget install {package name} –package {version}
Code Block
nuget update {package name} –package {version}

Java (Maven)

One of the following:

Code Block
<dependency>

      <groupId>{group}</groupId>

      <artifactId>{artifact}</artifactId>

      <versionId>{version}</versionId>

   </dependency>
Code Block
<plugin>

                …

   </plugin>
Code Block
<parent>

                …

   </parent>

Go

Code Block
import (

                “github.com/{owner1}/{repository1}”

                “github.com/{owner2}/{repository2}”

                ...

)

PHP (Composer)

One of the following:

Code Block
"require": {

                “{group}/{artifact}”: “{version}”

}
Code Block
"require-dev": {

                “{group}/{artifact}”: “{version}”

}

Scala (SBT)

One of the following:

Code Block
librarydependencies += "{group}" % "{artifact}" % "{version}"
Code Block
libraryDependencies ++= Seq(

    "{group-1}" % "{artifact-1}" % "{version-1}",

    "{group-2}" % "{artifact-2}" % "{version-2}" % "test"

)

Rust (Cargo)

One of the following:

Code Block
cargo install --version {version} {package name}
Code Block
cargo install --vers {version} {package name}
Code Block
cargo update -p {package name}
Code Block
cargo update --package {package name}
Code Block
cargo update -p {package name} --precise {version}
Code Block
cargo update --package {package name} --precise {version}

Haskell (Cabal)

One of the following:

Legacy:

Code Block
cabal install {package name}
Code Block
cabal install {package name}-{version}

Version 2:

Code Block
cabal v2-install {package name}
Code Block
cabal v2-install {package name}-{version}

OCaml (Opam)

One of the following:

Code Block
opam install {package name}
Code Block
opam install {package name}.{version}
Code Block
opam pin add {package name}

3. Code snippet highlighting on any Web page

Scan any of the supported code references from the previous section by highlighting it, right-clicking, and then selecting Scan with Mend Advise option. 

The Mend Advise searches for the same patterns that were displayed in the previous section and provides a single result:

Image Removed

Displayed Information after the Scan

Mend Advise displays the following information:

  • License: identifies the component's license.
  • Outdated: informs you if there's a newer version of the library. Note: Mend ignores non-stable versions of a library (such as an alpha version).
  • Policies: shows you whether the component meets your company's policy as configured in your Mend account.
  • Projects: shows you if your organization is already using this library and number of occurrences.
  • Security vulnerabilities: each shield accounts for a different vulnerability and severity is demonstrated by color.
  • Quality: provides an overall score based on the number of commits, version releases, etc. 

Image Removed

In the following sample screenshot, Mend Advise found two vulnerabilities with a high score. Clicking on the 'Take me to the first component' link forwards you to the first icon of the vulnerability.

Image Removed

Selecting the Interface Language 

Mend Advise provides you with the option to select a language:

...

Supported Repositories and Platforms

Mend Advise currently supports the following repositories:

...

GitHub

...

Stack Overflow

...

Maven Central Repository

...

Mvn Repository

...

Ruby Gems

...

GoDoc

...

PyPi

...

NuGet

...

Packagist 

...

Info
titleURL Scanning

Supported Languages

Mend Advise supports the detection of open source components installation references in the following programming languages:

Java, Scala (SBT), .NET, JavaScript, Ruby, Python, Go, PHP, Rust, Haskell, OCaml

...

available at: https://docs.mend.io/bundle/integrations/page/mend_advise__formerly_web_advisor_.html