Integrate Mend SCA with Vulnetix. Use the Mend CLI to scan dependencies and export SARIF, CycloneDX, or SPDX SBOMs for centralised vulnerability management.
SaaS platform | SARIF | CycloneDX | SPDX
Run Mend SCA in CI
Scan on every push and upload the results to Vulnetix:
- name: Install Mend CLI
  run: |
    # Download the Mend CLI binary and put it on the PATH
    curl -LJO https://downloads.mend.io/production/unified/latest/linux_amd64/mend
    chmod +x mend && sudo mv mend /usr/local/bin/
- name: Run Mend SCA
  # Scan dependencies and write the findings as SARIF
  run: mend dep --format sarif --filename dep-results.sarif
  env:
    MEND_URL: https://saas.mend.io
    MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
    MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
- name: Upload to Vulnetix
  run: vulnetix upload --file dep-results.sarif
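A pre-upload check for the workflow above, as an added example that is not part of Mend's or Vulnetix's own code: it rejects an unparseable or empty SARIF file so that a failed scan is not uploaded as a clean result. It assumes the scanner writes standard SARIF 2.1.0; the function name `check_sarif` and the sample document are constructed for illustration.

```python
import json
import sys

# Constructed sample: a minimal SARIF 2.1.0 log, not real Mend output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sca"}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "level": "error"},
            {"ruleId": "EXAMPLE-0002", "level": "warning"},
            {"ruleId": "EXAMPLE-0003"},  # no explicit level
        ],
    }],
})


def check_sarif(text):
    """Return (ok, reason, counts_by_level) for a SARIF document string."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return False, f"not valid JSON: {exc}", {}
    if not isinstance(doc, dict) or doc.get("version") != "2.1.0":
        return False, "missing or unexpected SARIF version", {}
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        return False, "no runs: the scanner probably did not execute", {}
    counts = {}
    for run in runs:
        if not isinstance(run, dict) or "tool" not in run:
            return False, "run without a tool object", {}
        for result in run.get("results") or []:
            if not isinstance(result, dict):
                return False, "malformed result entry", {}
            # An absent level is treated as "warning", the SARIF 2.1.0
            # default when no rule configuration overrides it.
            level = result.get("level", "warning")
            counts[level] = counts.get(level, 0) + 1
    return True, "ok", counts


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = (open(sys.argv[1], encoding="utf-8").read()
            if len(sys.argv) > 1 else SAMPLE_SARIF)
    ok, reason, counts = check_sarif(text)
    print(reason, counts)
    sys.exit(0 if ok else 1)
```

Run as a step between the scan and the upload, the non-zero exit code stops the job before an invalid file reaches the upload step.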
Centralise Mend SCA results in Vulnetix
Upload Mend SCA output in SARIF, CycloneDX, or SPDX format to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.