Mend.io (WhiteSource) integration
Export the vulnerability report from Mend as JSON and upload it against the White Source template.
Scan types imported
- Open-source dependency vulnerabilities (CVE)
File import
The template walks the vulnerabilities array per product.
What Centraleyezer expects in the file
- Per vulnerability: CVE identifier, description, severity (low/medium/high), CVSSv3 score and vector, and the fix resolution as the recommendation.
- The product name identifies the affected asset (application / component).
How imported findings are risk-scored
Every Mend.io (WhiteSource) finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.