Mend.io Summary
The integration of Mend.io (WhiteSource) with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings related to open source vulnerabilities. This collaboration enables organizations to efficiently identify, prioritize, track, and remediate vulnerabilities, thereby improving their overall security posture and risk management.
Mend.io (WhiteSource) Key Features
-
Data Import:
-
Import open source vulnerabilities from Mend.io into Centraleyezer, either on-demand or via automated schedules.
- Supported formats: JSON.
-
-
Detailed Findings:
-
Centraleyezer provides comprehensive vulnerability details detected by Mend.io tools.
-
-
Risk Scoring:
-
Configurable severity values for Mend.io findings, adjustable based on organizational risk policies.
-
-
Selective Data Import:
-
Supports filtering based on status, scan type, and severity for more precise data imports.
-
Considerations
-
The integration supports mapping one Mend.io instance with one Centraleyezer instance.
-
Configuring a different Mend.io instance in the plugin will overwrite previously imported data.
Requirements
-
System Requirements:
-
Centraleyezer Prerequisites: Latest version of the Centraleyezer Vulnerability Management Platform recommended.
-
Mend.io Prerequisites: Must be able to export reports
-
-
Permissions and Roles:
-
Centraleyezer: Requires System Admin or Application Security Manager permissions.
-
Mend.io (WhiteSource): User access for vulnerability scan information.
-
Import mappings require admin-level permissions.
-
Release Notes
Version 1.0.0:
New mappings for vulnerabilities from Mend.io (WhiteSource) include:
-
-
Asset (Product)
-
Name
-
Description
-
Criticality (Severity)
-
CVSS (CVSS3 Score)
-
CVSS Vector (Score Metadata Vector)
-
CVE ID (Name)
-
Recommendation (Fix Resolution)
-