Mapping service vulnerabilities with Mend

Mend is an automated vulnerability scanning tool that helps teams detect and resolve issues quickly. Mend can discover outdated packages and tell you if you’re relying on tools with known issues. Then, through automated remediation, Mend creates pull requests for developers with specific guidance on resolving those issues.

Mend conducts static code analysis as well as package and dependency management analysis to identify weaknesses. It’s designed to integrate seamlessly into existing DevOps environments and CI/CD pipelines, so developers don’t have to trigger or manually configure a vulnerability scan. 

When integrated with Mend, Cortex automatically maps services to their corresponding Mend projects and then surfaces all of their existing vulnerabilities in the catalog. Cortex also allows you to write Scorecard rules on top of this metadata, so you can quickly enforce security requirements for all projects.

This integration is especially powerful for security teams. Through the integration, security teams can improve organization-wide visibility into their security posture, and easily share vulnerabilities and key insights with developers. Security teams can build Scorecards to make overall security standards highly visible, too, empowering developers to take security standards into consideration from the beginning of the development lifecycle. Cortex pulls information directly from Mend to enable users to filter on severity levels, fixability, and other key metrics, so everyone can directly monitor performance and compliance in a single place.

To see how Cortex can help improve visibility into vulnerabilities, book a demo with us today. You can also take a look at our wide range of out-of-the-box integrations to see how Cortex can help your organization take reliability and visibility to the next level.