Whitesource/Mend Bolt integration with Azure DevOps (DevSecOps)

Mend Bolt is a vulnerability scanning extension available in the Azure DevOps Marketplace. It integrates with Azure DevOps pipelines to provide automated security scanning for open-source vulnerabilities during the build and release process.

Here are the key features and steps to use Mend Bolt in Azure DevOps:

  1. Vulnerability Scanning:

    • Mend Bolt performs vulnerability scanning of your project's dependencies to identify known security vulnerabilities.

  2. Integration with Azure Pipelines:

    • Mend Bolt seamlessly integrates with Azure Pipelines, allowing you to incorporate vulnerability scanning into your CI/CD workflows.

  3. Automated Scans:

    • You can configure Mend Bolt to automatically scan your project dependencies for vulnerabilities during the build or release process.

  4. Detailed Reports:

    • Mend Bolt provides detailed reports and insights into identified vulnerabilities, including severity levels, affected components, and remediation guidance.

  5. Policy Enforcement:

    • Mend Bolt supports policy enforcement by allowing you to define custom policies and thresholds for managing security vulnerabilities.

Steps to integrate Mend Bolt into an Azure DevOps pipeline

  1. Go to Browse Marketplace and search for "mend", then install Mend for free.

  2. Go back to Azure DevOps, navigate to Organization settings > Mend, and fill in the form.

  3. Go to Pipelines, create a pipeline with the classic editor, add all the jobs you want to perform, then add Mend Bolt.

  4. After running the pipeline, you will notice that another tab named "Mend Bolt" has been created, where you can see the report with fixes.