### Get License Compatibility Report - Product Request Example Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous This JSON example shows how to request a license compatibility report for a product. It specifies the request type, the product token, and the user key. ```json { "requestType" : "getProductLicenseCompatibilityReport", "productToken" : "product_token", "userKey": "user_key" } ``` -------------------------------- ### Request Example: Get Project Source File Inventory Report Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON payload for requesting a project source file inventory report. Requires userKey, projectToken, and format. ```json { "requestType" : "getProjectSourceFileInventoryReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json" } ``` -------------------------------- ### Request Example: Get Product Source File Inventory Report Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON payload for requesting a product source file inventory report. Requires userKey, productToken, and format. ```json { "requestType" : "getProductSourceFileInventoryReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json" } ``` -------------------------------- ### Example of Mend Build Status Information (buildSettings) Source: https://docs.mend.io/integrations/latest/install-mend-for-bitbucket-cloud An example of the hidden JSON object that may be added to the Build Status when 'showWsInfo' is enabled, containing project token details. ```html ``` -------------------------------- ### Get Effective Licenses Report - Organization Request Example Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous This JSON example outlines the parameters needed to retrieve an organization-level Effective Licenses report. It includes the request type, user key, and organization token. ```json { "requestType" : "getOrganizationEffectiveLicensesReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` -------------------------------- ### Get Security Alerts by Library Report - Product Request Example (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON request to retrieve a security alerts by library report for a specific product. This requires the user key, product token, desired status, and report format. ```json { "requestType" : "getProductSecurityAlertsByLibraryReport", "userKey": "user_key", "productToken" : "product_token", "status" : "ignored", "format" : "json" } ``` -------------------------------- ### Configure Go Private Registry Source: https://docs.mend.io/integrations/latest/install-mend-for-bitbucket-cloud This example configures credentials for a Go private registry. It specifies the `matchHost`, `hostType` as 'go', and provides encrypted credentials. ```json { "hostRules": [ { "matchHost": "https://goproxy.io/", "hostType": "go", "encrypted": { "token": "3f832f2983yf89hsd98ahadsjfasdfjaslf............" } } ] } ``` -------------------------------- ### Get Security Alerts by Library Report - Project Request Example (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON request to retrieve a security alerts by library report for a specific project. This requires the user key, project token, desired status, and report format. ```json { "requestType" : "getProjectSecurityAlertsByLibraryReport", "userKey": "user_key", "projectToken" : "project_token", "status" : "active", "format" : "json" } ``` -------------------------------- ### Invalid Package Rule Examples (JSON) Source: https://docs.mend.io/wsk/renovate-package-rules-guide Illustrates invalid package rule configurations in Renovate. Rules must include at least one matching criteria (property starting with 'match*') and at least one action property to be considered valid. ```json // ❌ INVALID - No matching criteria { "packageRules": [ { "groupName": "All updates", "automerge": true, "schedule": ["after 9pm"] // Missing any match* property - Renovate won't know which packages this applies to } ] } // ❌ INVALID - No action properties { "packageRules": [ { "matchDepTypes": ["devDependencies"] // Missing action properties - Renovate won't know what to do when matched } ] } ``` -------------------------------- ### Example of Build Settings JSON Configuration Source: https://docs.mend.io/integrations/latest/installation-of-mend-for-bitbucket-cloud An example JSON object demonstrating how to configure various build settings for Mend security and license checks. ```json { "displayMode": "diff", "createBuildStatus": true, "failBuilds": true, "failLicenseBuilds": true, "showWsInfo": false, "strictMode": "warning" } ``` -------------------------------- ### Renovate Package Rule Structure: Matching Criteria and Actions (JSON) Source: https://docs.mend.io/wsk/renovate-package-rules-guide Illustrates the conceptual separation of matching criteria (IF conditions) and configuration settings (THEN actions) within a single Renovate package rule object. This example highlights properties starting with 'match*' for conditions and others for actions. ```json { "matchDatasources": ["maven"], "matchManagers": ["maven-wrapper"], "registryUrls": [""] } ``` -------------------------------- ### Request Example: Get Organization Due Diligence Report Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON payload for requesting an organization due diligence report. Requires userKey, orgToken, and format. ```json { "requestType" : "getOrganizationDueDiligenceReport", "userKey": "user_key", "orgToken" : "organization_api_key", "format" : "xlsx" } ``` -------------------------------- ### Response Example: Product Source File Inventory Report (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON response for a product source file inventory report. Contains an array of sourceFiles, each with library details, filename, SHA1 hash, path, and update information. ```json { "sourceFiles": [ { "library": { "artifactId": "portofino", "version": "portofino-4.2.8-javadoc", "licenses": [ { "name": "LGPL 3.0", "references": [] } ] }, "filename": "script.js", "sha1": "a6717beac050d49869c234af4e409404b5593260", "path": "/RxJava/build/docs/javadoc/io/reactivex/rxjava3/functions/../../../../script.js", "productName": "GH_1_RxJava", "projectName": "GH_RxJava", "lastUpdatedDate": "2016-09-11 21:52:01", "matchType": "AUTOMATIC" } ] } ``` -------------------------------- ### Recommended Mend Renovate Starting Configuration Source: https://docs.mend.io/bundle/integrations/page/mend_remediate_and_renovate This JSON configuration demonstrates a recommended starting point for Mend Renovate integration. It enables Renovate and applies the `config:recommended` preset, which includes features like limiting PRs per hour and grouping monorepo dependencies. ```json { "remediateSettings": { "enableRenovate": true, "extends": ["config:recommended"] } } ``` -------------------------------- ### Retrieve JWT Token using Refresh Token for Mend API 3.0 Source: https://docs.mend.io/platform/latest/getting-started-with-mend-api-3-0 This example demonstrates how to retrieve a JWT token for authenticating subsequent Mend API 3.0 requests. It involves making a request to the 'Refresh Access Token' endpoint and including the refresh token obtained from the login step in the 'wss-refresh-token' header. ```http GET /api/v3.0/refresh-access-token Header: wss-refresh-token: ``` -------------------------------- ### Get Organization Risk Report Request Example Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous This JSON object provides an example of requesting a Risk report for an organization. It requires the user's key and the organization's token. ```json { "requestType" : "getOrganizationRiskReport", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` -------------------------------- ### Get License Compatibility Report - Project Request Example Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous This code snippet illustrates the JSON structure for requesting a license compatibility report for a project. It requires the request type, project token, and user key. ```json { "requestType" : "getProjectLicenseCompatibilityReport", "projectToken" : "project_token", "userKey": "user_key" } ``` -------------------------------- ### Response Example: Project Source File Inventory Report (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON response for a project source file inventory report. Includes details for each source file, such as library information, filename, SHA1, path, and update timestamps. ```json { "sourceFiles": [ { "library": { "artifactId": "cloudify-cli", "version": "20.01.05", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, "filename": "agents.py", "sha1": "c463e1aeeb420afa0dfd4d25b9794a3b2bc0810a", "path": "C:\Users\TaliaSela\Projects\cloudify-cli\cloudify_cli\commands\agents.py", "productName": "Cfy", "projectName": "cloudify_cli", "lastUpdatedDate": "2020-02-17 17:59:19", "matchType": "AUTOMATIC" }, { "library": { "artifactId": "cloudify-cli", "version": "20.01.05", "licenses": [ { "name": "Apache 2.0", "references": [] } ] }, "filename": "blueprints.py", "sha1": "cd0def3e5802cce428f54d141a8be9aec99ffc73", "path": "C:\Users\TaliaSela\Projects\cloudify-cli\cloudify_cli\commands\blueprints.py", "productName": "Cfy", "projectName": "cloudify_cli", "lastUpdatedDate": "2020-02-17 17:59:19", "matchType": "AUTOMATIC" }, ...... ] } ``` -------------------------------- ### Renovate Package Rules Configuration Example (JSON) Source: https://docs.mend.io/wsk/renovate-package-rules-guide Demonstrates the basic structure of package rules within a Renovate configuration file. It shows how to define rules using the 'packageRules' array and specifies matching criteria like 'matchDatasources', 'matchManagers', and 'registryUrls'. ```json { "packageRules": [ { "matchDatasources": ["maven"], "matchManagers": ["maven-wrapper"], "registryUrls": [""] } ] } ``` -------------------------------- ### Get Project Due Diligence Report Request Example (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON payload for requesting a Due Diligence report for a specific project. Requires requestType, userKey, projectToken, and format. ```json { "requestType" : "getProjectDueDiligenceReport", "userKey": "user_key", "projectToken" : "project_token", "format" : "json" } ``` -------------------------------- ### Get Product Due Diligence Report Request Example (JSON) Source: https://docs.mend.io/bundle/api_sca/page/reports_api_-_synchronous Example JSON payload for requesting a Due Diligence report for a specific product. Requires requestType, userKey, productToken, and format. ```json { "requestType" : "getProductDueDiligenceReport", "userKey": "user_key", "productToken" : "product_token", "format" : "json" } ``` -------------------------------- ### Configure Repository Onboarding with global-config.json Source: https://docs.mend.io/integrations/latest/installation-of-mend-for-bitbucket-cloud This JSON configuration file specifies how Mend for Bitbucket Cloud should handle repository onboarding. It allows for including or ignoring specific repositories by their exact names. If neither 'includedRepos' nor 'ignoredRepos' is present, all repositories will be onboarded. ```json { "repoConfigMode": "createOnboardingPR", "includedRepos": { "exactNames": [] } } ``` ```json { "repoConfigMode": "createOnboardingPR", "includedRepos": { "exactNames": ["Workspace-name/repo-name-0", "Workspace-name/repo-name-1"] } } ``` ```json { "repoConfigMode": "createOnboardingPR", "ignoredRepos": { "exactNames": ["Workspace-ID/repo-name-0", "Workspace-ID/repo-name-1"] } } ``` -------------------------------- ### Configure All Repositories Onboarding in Mend.io (JSON) Source: https://docs.mend.io/integrations/latest/set-up-a-global-configuration-for-mend-for-azure-1 This JSON snippet shows how to configure Mend.io to onboard all repositories by setting the 'includedRepos' parameter to null. This is an alternative to specifying individual repositories. ```json { "includedRepos": null } ```