Application Vulnerability Management (AVM)

NOTES:

  • This is a controlled Mend Integration Release. Please contact your Mend customer success manager for access to this feature.

  • If you have a dedicated ThreadFix or Fortify Agent installation with a version earlier than v18.20.x, migrate to the latest AVM Agent.

Overview

The Mend Application Vulnerability Management (AVM) platform integration enables customers running AVM platforms such as Fortify or ThreadFix to extend the auditing results of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) of their applications, and to complement these results with a comprehensive view of Software Composition Analysis (SCA) auditing results on one dashboard. This provides simplified and efficient 360-degree vulnerability management.

The integration provides customers with up-to-date information about vulnerabilities found in the open-source components used in their software, ensures better security monitoring throughout the software development lifecycle, and synchronizes auditing decisions concerning open-source components bidirectionally between Mend and AVM platforms. Filtering and aggregating comprehensive SAST, DAST, and SCA information in the AVM dashboard help to prioritize remediation and ensure that critical vulnerabilities are handled first, independent of the vulnerability’s source. In addition, a record with all the information about the vulnerability and its auditing status (including the CVE number, severity level, and suggested fix) is issued for every vulnerability found in the utilized open-source components.

The following topics describe: