New Features and Updates
Added the ability to define custom SLA values for violations in automation workflows, ranging from 1 to 1000 days.
The Mend AI Native AppSec platform now supports IP allowlisting, configurable via the Administration > General tab. Administrators can configure access by specifying exact IP addresses or CIDR ranges, blocking unauthorized IPs from accessing the API or the platform UI.
New Features and Updates
Introducing significant SBOM enhancements:
Users can now import Syft and Dependency Track-generated SBOMs.
The CycloneDX 1.6 format is now supported for both import and export.
Improved error handling for SBOM imports.
Improved Maven matches when importing an SBOM.
Improved reliability and accuracy of npm package resolution.
New Features and Updates
All code snippets are encrypted by default to strengthen security and prevent unauthorized access. Customers may now also provide their own encryption key via a new API endpoint.
Resolved Issues
Security improvements: Multiple core libraries have been updated to their latest secure versions.
Fixed an issue where the analysis depth was sometimes overly restricted. This could lead to inconsistencies between incremental and full scans, especially in Fast Scan mode. With this fix, scan results are now more consistent across modes, and in some cases additional findings may be reported.
New Features and Updates
The Container SBOM report can now be exported in the CycloneDX 1.6 format.
Introducing Wolfi distribution support for Mend Container.
New Features and Updates
(Premium) Introducing two new API endpoints for listing AI components and findings:
GET /api/v3.0/projects/{projectUuid}/ai/model/findings/security
GET /api/v3.0/applications/{applicationUuid}/ai/model/findings/security
The models endpoint in the Findings - Project API now contains additional fields, aligning with the data available in the AI Models page of the Mend AI Native AppSec Platform UI.
Resolved Issues
(SCA) Fixed an issue where executing multiple dependency scans simultaneously on the same machine would lead to scan results not being displayed properly in the console and platform UI.
No notable updates.
(Closed Beta) The Mend Developer Platform for GitHub is now available as a closed beta.
New Features and Updates
If the LVP (Least Vulnerable Package) remediation strategy is enabled, the security check will show the suggested fix accordingly.
Security check run table improvements: Easier to see if the vulnerability and suggested fix are reported on a direct dependency or a transitive one.
Resolved Issues
Fixed an issue where Pull Requests were created with First Fix remediation strategy suggestions instead of Least Vulnerable Package.
Unified Agent 25.4.3-179 | Renovate 41.71.1 | Remediate 25.8.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
The First Fix remediation strategy is now available for Python in self-hosted repository integrations. Enable it by setting the environment variable MEND_PYTHON_FIRSTFIX_ENABLED to true (default is false).
Resolved Issues
(SAST) Fixed a bug in the proxy configuration of the repository integration which erroneously led to SAST scans not being triggered and a message about incorrect SAST credentials.
Unified Agent 25.4.3-179 | Renovate 41.71.1 | Remediate 25.8.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
The First Fix remediation strategy is now available for Python in self-hosted repository integrations. Enable it by setting the environment variable MEND_PYTHON_FIRSTFIX_ENABLED to true (default is false).