Integrating Invicti Enterprise with Mend SAST

This document is for:
Invicti Enterprise On-Demand

The Invicti partnership with Mend allows you to retrieve Mend SAST scan results and view them in Invicti Enterprise alongside the DAST scan results for your targets. To achieve this, you need to integrate Invicti Enterprise and Mend SAST by mapping targets to Mend projects, then configure the scan settings/scan profile in Invicti Enterprise for each connected target to retrieve Mend SAST scan results.

NOTE: The integration between Invicti Enterprise and Mend SAST does NOT initiate a Mend SAST scan. Invicti Enterprise will pull the latest SAST scan results from Mend for a mapped target and display the information in Invicti Enterprise alongside the DAST scan results.

This document explains how to set up an integration between Invicti Enterprise and Mend SAST. 

How to integrate Invicti Enterprise with Mend SAST

To integrate Invicti Enterprise with Mend SAST, first, ensure you have established the prerequisites listed below. Then, follow the steps in this section to create a user key, retrieve your organization UUID from your Mend account, and finally configure the integration in Invicti Enterprise.

PREREQUISITES:

  • A Mend account with read access to your organization's Mend projects and findings
  • Know which of your targets in Invicti Enterprise map to your Mend projects

Step 1: Create a user key

  1. Log in to your Mend account.
  2. Open your user profile.
  3. Navigate to the User Keys section and click Create User Key.
  4. Enter a Description for the new user key, then click Create.
  5. Click the three dots icon next to the new user key and select Copy User Key.
  6. Paste the User Key in an easily accessible place for use in 'Step 3: Configure the integration in Invicti Enterprise'.
  7. Continue with the instructions in the next section to retrieve your Organization UUID.

Step 2: Retrieve your organization UUID

  1. In your Mend account, click the settings icon, then select Administration.
  2. On the General Configuration page, click the copy icon next to the Organization UUID.
  3. Paste the Organization UUID in an easily accessible place for use in the next section. You now have the necessary data to input into Invicti Enterprise to configure the integration.

Step 3: Configure the integration in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. Select Integrations > New Integration from the left-side menu.
  3. Scroll down to the Connections section and select Mend.
  4. On the New Mend Integration page, fill in the following required fields:
     1. Enter a Name for the Mend connection. The name you provide will appear on the Manage Integrations page. If you intend to configure multiple Mend integrations, then the name will be important to help identify your different Mend connections.
     2. In the Url field, enter the API URL for your Mend SAST instance. This field is pre-filled with the default API URL. Ensure you change this if you use a different API URL for your Mend SAST instance.
     3. Enter the Email address that is attached to your Mend account.
     4. Enter your User Key. This is the unique identifier mapped to your Mend account that you generated in Step 1.
     5. Enter your Organization Id. This is the Organization UUID you retrieved from your Mend account in Step 2.
  5. Click Validate Credentials.
  6. A 'Connection successful!' message appears at the top of the page. If you see an error message, this means there was a problem with the configuration. Ensure you have provided the correct information in the Url, Email, User Key, and Organization Id fields.
  7. In the Target Mapping section that appears, map your Invicti Enterprise targets to your Mend projects:
     1. Click the Target drop-down on the left and select a target to map to your Mend projects.
     2. Click the Mend Projects drop-down on the right and select your Mend projects to map to the target you selected.
     3. Click Add Mapping to add a new row to map another target to Mend projects. You can add as many target mappings as you need.

NOTE: Invicti Enterprise does not verify the mapping between targets and Mend projects. Ensure you are mapping your Mend projects to the correct target. Accurate mapping will ensure that SAST results are related to the right target.

  8. When you have finished mapping targets, click Save.

Your Invicti Enterprise and Mend accounts are now integrated. The newly created integration is now listed on the Integrations page.  

IMPORTANT: Before running a DAST scan, you need to configure the scan settings/scan profile to enable retrieval of Mend SAST scan results. Without this configuration, you won't be able to view the Mend SAST scan results alongside your DAST scan results in Invicti Enterprise.  

For information about how to configure the scan settings/scan profile, refer to Retrieving Mend SAST scan results.
