Overview

The Mend application uses alerts to notify users of open-source licensing and vulnerability issues. Alerts work as follows: when a scan completes, the customer's inventory is synchronized to Mend, and the application analyzes the customer's open-source libraries and source files against the Mend knowledge base and the organization's policy definitions. If security vulnerabilities, licensing or compatibility issues, policy violations, or similar problems are found, alerts are triggered for the organization.

Alerts are managed from a dedicated Alerts menu. The menu comprises the entries listed below (follow the links to the documentation of each).

The following types of alerts are generated by Mend:

...

Alerts Category

...

Description

...

Security Alerts

...

Review alerts for vulnerabilities. This category comprises two views, each with its own screen:

  • View By Vulnerability - Enables you to view and manage alerts per vulnerability for the selected products/projects. For example, use this screen to ignore the alerts for a specific vulnerability across all libraries in the selected scope.

  • View By Library - Enables you to view and manage alerts per library for the selected products/projects. For example, use this screen to ignore all security alerts for a specific library in the selected scope.

...

Other Alerts - Licensing and Compliance

...

Review alert details for licensing and quality issues reported for a given product or project.

  • High Severity Bug Alerts - Triggered for old Java libraries that include a severity rating and a bug rating. NOTE: This alert type is being deprecated and might contain outdated information.

  • Multiple Library Versions Alerts - Triggered for any library that appears two or more times, in different versions, within the same product.

  • Multiple Licenses Alerts - Triggered for any library that has more than one license.

  • New Versions Alerts - Triggered for any library that is out of date (i.e., a newer version exists). New version alerts apply only to direct dependencies, not to transitive dependencies.

  • Policy Violation - Triggered for any violation of your policies.

  • Rejected Library In Use Alerts - Triggered for any library in use for which a library request was submitted and later rejected.

Alerts Actions

Once the alerts for the selected scope are displayed, you can ignore those that are not relevant to your environment. Ignored alerts do not appear in dashboards or reports. Note that ignoring an alert suppresses it without fixing the underlying issue, so record the justification in the comment and review ignored alerts periodically.

For further analysis, you can also do the following:

...

Add a free-text comment of up to 255 characters (for example, the reason the alert was ignored).

...

Filter the ignored alerts and select the ones to reactivate (the reverse of ignoring).

...
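The following is an added example, not code from the Mend product or this page, that implements three of the alert rules described above (multiple library versions within a product, multiple licenses on one library, and new-version alerts restricted to direct dependencies) together with the ignore action and its 255-character comment limit. The inventory, the "latest version" lookup that stands in for the Mend knowledge base, and all function names are constructed for illustration; Mend's own matching and version-ordering logic is not reproduced here.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_COMMENT = 255  # comment limit for an ignored alert, per the page


@dataclass(frozen=True)
class Library:
    product: str
    name: str
    version: str
    licenses: tuple  # license identifiers reported for this library
    direct: bool     # True for a direct dependency, False for transitive


# Constructed sample inventory (hypothetical data, not a Mend export).
INVENTORY = [
    Library("web-app", "jackson-databind", "2.9.8", ("Apache-2.0",), True),
    Library("web-app", "jackson-databind", "2.12.3", ("Apache-2.0",), False),
    Library("web-app", "lodash", "4.17.15", ("MIT",), True),
    Library("web-app", "some-lib", "1.0.0", ("MIT", "GPL-2.0"), True),
    Library("batch", "jackson-databind", "2.12.3", ("Apache-2.0",), True),
    Library("batch", "lodash", "4.17.21", ("MIT",), False),
]

# Constructed stand-in for the knowledge base's "latest version" data.
LATEST = {"jackson-databind": "2.12.3", "lodash": "4.17.21", "some-lib": "1.0.0"}


def _vkey(version):
    """Order dotted numeric versions numerically (2.9.8 < 2.12.3)."""
    return tuple(int(part) for part in version.split("."))


def multiple_version_alerts(inventory):
    """Libraries that appear in two or more versions within one product."""
    seen = defaultdict(set)
    for lib in inventory:
        seen[(lib.product, lib.name)].add(lib.version)
    return sorted(
        (product, name, tuple(sorted(versions, key=_vkey)))
        for (product, name), versions in seen.items()
        if len(versions) >= 2
    )


def multiple_license_alerts(inventory):
    """Libraries that report more than one license."""
    return sorted(
        {(lib.product, lib.name, lib.version)
         for lib in inventory if len(set(lib.licenses)) > 1}
    )


def new_version_alerts(inventory, latest):
    """Direct dependencies older than the latest known version.

    Transitive dependencies are skipped, matching the page's note that
    new-version alerts apply only to direct dependencies.
    """
    return sorted(
        {(lib.product, lib.name, lib.version, latest[lib.name])
         for lib in inventory
         if lib.direct and lib.name in latest
         and _vkey(lib.version) < _vkey(latest[lib.name])}
    )


def comment_ok(comment):
    """True if the free-text ignore comment fits the 255-character limit."""
    return len(comment) <= MAX_COMMENT


def ignore_alert(ignored, alert_type, product, name, comment):
    """Record an ignore decision keyed by (type, product, library) with its reason."""
    if not comment_ok(comment):
        raise ValueError("ignore comment exceeds %d characters" % MAX_COMMENT)
    ignored[(alert_type, product, name)] = comment
    return ignored


def active_alerts(inventory, latest, ignored):
    """Alerts by type with ignored entries filtered out, as dashboards would show."""
    report = {
        "multiple_versions": multiple_version_alerts(inventory),
        "multiple_licenses": multiple_license_alerts(inventory),
        "new_version": new_version_alerts(inventory, latest),
    }
    return {
        kind: [a for a in alerts if (kind, a[0], a[1]) not in ignored]
        for kind, alerts in report.items()
    }


if __name__ == "__main__":
    ignored = ignore_alert({}, "new_version", "web-app", "lodash", "pinned on purpose")
    for kind, alerts in active_alerts(INVENTORY, LATEST, ignored).items():
        print(kind, alerts)
```

Reactivating an alert is the reverse operation: delete its key from the ignore map and it reappears in the next `active_alerts` report. Keying ignores by (type, product, library) is an assumption made for this example; it mirrors the page's View By Library behaviour of ignoring all alerts of one library within a scope.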

This page is available at: https://docs.mend.io/bundle/sca_user_guide/page/managing_alerts.html