Support
Launching Scans

Retrieving Mend SAST scan results

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

After setting up an integration between Invicti Enterprise and Mend SAST, you need to enable Invicti Enterprise to retrieve SAST scan results from Mend by configuring the scan settings/scan profile for the targets you mapped to Mend projects. This allows you to view Mend SAST scan results alongside your Invicti Enterprise DAST scan results on the Scan Summary and Issues pages, as well as other areas in Invicti Enterprise.

NOTE: The integration between Invicti Enterprise and Mend SAST does NOT initiate a Mend SAST scan. Invicti Enterprise will pull the latest SAST scan results from Mend for a mapped target and display the information in Invicti Enterprise alongside the DAST scan results.

This document explains how to configure the scan settings/scan profile for a target to retrieve SAST scan results from Mend.

Preparation

Ensure the following steps have been completed before configuring the scan settings/scan profile for a target:

  1. Follow the instructions in our Integrating Invicti Enterprise with Mend SAST documentation to connect your Invicti Enterprise and Mend accounts.
  2. Ensure the target you will scan is mapped to a Mend project in your Mend integration.
  • To check this, go to Integrations > Manage Integrations and click Edit next to your Mend integration listed in the Integrations table.
  • The target should be listed on the left side of the Target Mapping section, and the corresponding Mend projects should be on the right.
  • If the target is missing, click Add Mapping, then add the target on the left and the corresponding Mend projects on the right. Then click Save.

How to configure scan settings to retrieve SAST scan results from Mend

You can configure the Mend SAST scan setting when creating a new scan or scheduled scan, or when creating a new scan profile or editing an existing scan profile. Follow the steps below to enable retrieval of Mend SAST scan results in the scan settings/scan profile of a target:

  1. Navigate to the New Scan configuration page for your target using one of the methods below according to your preference:
  1. Select your Target URL.
  2. In the Scan Settings section, select Mend SAST.

  1. Click the checkbox next to Mend SAST. The Mend Projects that are connected to the target will appear.

TIP: You can amend the projects mapped to a target by editing the Mend integration. Go to Integrations > Manage Integrations and click Edit next to your Mend integration listed in the Integrations table.

  1. Complete the remaining Scan Options as outlined in Invicti Enterprise Scan Options Fields.
  2. Click Launch to start the new scan, or Save Profile if you are creating a new scan profile, or Update Profile if you are editing an existing scan profile.

The scan profile can now retrieve Mend SAST scan results. The next time you run a scan on this target with this scan profile, the latest Mend SAST scan results will automatically be added to the Scan Summary and Issues pages in Invicti Enterprise. For more information, refer to Viewing Mend SAST scan results in Invicti Enterprise.