Mend for GitHub.com
GitHub App
Mend for GitHub.com (formerly WhiteSource) is a GitHub app that provides both SCA (Software Composition Analysis) and SAST (Static Application Security Testing) scans to analyze a project's open-source dependencies and proprietary code.
Open-Source Component Scanning
With every valid commit, the GitHub app scans all your repos, both private and public, to make sure nothing puts your product at risk. The app detects vulnerabilities and license violations in open-source components and provides suggestions for fixes. For scanning open-source components, we've got you covered with support for over 200 programming languages and continuous tracking of multiple open-source vulnerability databases like the NVD and additional security advisories.
Automated Code Inspection
Mend for GitHub.com also performs an extensive security analysis of application source code, which automates code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. You can effortlessly assess your custom code for security weaknesses and components that violate your organization’s defined policies with support for twenty-five of the most used programming languages.
Comprehensive Security Reports
Mend for GitHub.com scans create Mend Security Check and Mend Code Security Check Reports that offer insight into new, resolved, and overall security findings to help you identify and address problems without ever needing to leave GitHub.com.
Getting Started
Read our documentation for guidance on how to use the app.
Developer
Mend for GitHub.com is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.