New Features and Updates
Introducing a natural language search bar powered by AI, enabling users to filter applications and projects with intuitive prompts. This feature streamlines finding critical information, offers smart filter suggestions, and enhances the overall user experience with quick, relevant results and improved filter management.
Enhanced SAML integration with new configuration options, improved user provisioning controls, and a modernized UI for a more flexible and secure authentication experience. Updates include, but are not limited to, the following enhancements:
Disabling local logins
Toggling just-in-time user creation
Uploading or editing metadata in multiple formats
Notifications and visual indicators when the SAML certificate is close to expiration
Two-way SSO enforcement across the Mend AppSec Platform and Legacy SCA application.
New Features and Updates
Introducing three asynchronous, account-level API endpoints for exporting Dependencies reports in Excel format. Users can now generate inventory and findings reports with targeted filters for library name or finding ID, enabling precise data extraction and improved reporting flexibility.
New Features and Updates
The Mend Developer Platform now supports suppression approval workflows for Azure DevOps repositories. Developers can request suppressions directly from their workflows, while security managers retain control by approving or rejecting them. This ensures governance over security exceptions without slowing down development.
Added additional entry points for the Express framework.
Resolved Issues
Fixed an issue where an old version of the Oracle Linux package qemu-guest-agent was specified as a remediation suggestion. The version comparison logic has been updated to ensure only newer package versions are recommended for remediation.
Fixed an issue where scanning the official Grafana Docker image incorrectly identified the component version, resulting in false-positive vulnerability reports. The scan now accurately detects the correct Grafana version and matches CVEs accordingly.
New Features and Updates
(Premium / Core) Introducing System Prompt Risk (open beta), a new detection and remediation offering by Mend AI, for mitigating risks posed by system prompts used in conversational AI interfaces.
A new System Prompt Risk table inventories system prompts and provides quick export/sharing and a deep-link side panel for prompt context.
System Prompt Risks are integrated into the existing AI Security Risk Factors across Projects and Applications. The classification appears as a Conversational Interface chip, is filterable, and automatically participates in dashboards and workflows.
Remediation in the form of a hardened system prompt is available in the System Prompt side panel, providing clear, copy-ready remediation guidance for AppSec engineers and developers.
The AI Security Dashboard has been enriched with system prompt risk data.
System prompt risk data is also available via API.
New Features and Updates
(SCA) Added reachability analysis support to the CLI in self-contained mode, allowing users to run reachability checks without external dependencies.
No notable updates.
New Features and Updates
The Vulnerability range setting, which supported lower and upper limits, has been replaced by Vulnerability threshold, a single number for failing checks.
For existing configurations that had the lower limit set to a non-round number (e.g., 4.6), the vulnerability threshold has been rounded down (i.e., to 4.0).
The upper limit is now always 10. For existing configurations that had an upper limit configured to anything other than 10, the upper limit is now 10 and non-configurable.
(GitHub) When the security check is neutral, the license check will now be present and have a neutral status, so that branch protection rules can be fully enforced.
(SAST) The Mend Developer Platform now supports suppression approval workflows for Azure DevOps repositories. Developers can request suppressions directly from their workflows, while security managers retain control by approving or rejecting them. This ensures governance over security exceptions without slowing down development.
Resolved Issues
Fixed a bug where PR scans were skipped when the PR originated from a cross-org fork.
Unified Agent 25.11.1-223 | Renovate 42.59.0 | Remediate 25.12.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
(SCA) An SCA scan will now be triggered when a versions.kt file is added or modified.
Resolved Issues
Fixed a bug where triggering a manual scan via API resulted in a 404 error when the controller webhook interceptor was configured for HTTPS.
Fixed a bug where Out of Memory (OOM) errors were raised while reading HTTP responses.
(SCA) Fixed an issue where invalid system paths in certain pnpm and Yarn projects caused Reachability analysis to fail.
Unified Agent 25.11.1-223 | Renovate 42.59.0 | Remediate 25.12.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
(SCA) An SCA scan will now be triggered when a versions.kt file is added or modified.
Resolved Issues
Fixed a bug where Out of Memory (OOM) errors were raised while reading HTTP responses.
(SCA) Fixed an issue where invalid system paths in certain pnpm and Yarn projects caused Reachability analysis to fail.
Unified Agent 25.11.1-223 | Renovate 42.59.0 | Remediate 25.12.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
(SCA) An SCA scan will now be triggered when a versions.kt file is added or modified.
Resolved Issues
Fixed a bug where Out of Memory (OOM) errors were raised while reading HTTP responses.