Mend.io – Backstage Integration: Bringing Security Insights Where You Need Them
Backstage background
Launched as an internal project by Spotify in 2016, Backstage was released under the Apache 2.0 open source license in 2020 to help other growing engineering teams deal with similar challenges. Backstage aims to provide a consistent developer experience and centralize tools, documentation, and services within a single platform.
What started as a way to help new developers onboard faster is now a fully fleshed-out developer portal that standardizes how teams interact with their internal services, APIs, and resources. Backstage includes features for service catalogs, continuous delivery, observability, and plugin integrations, all customizable to fit specific workflows.
For application security teams, Backstage offers wide views and controls across the development process and, with the Mend.io plugin, deep insights into application risks, whether overall or by project.
Mend.io for Backstage
Switching across multiple tools and projects isn’t just annoying; it can also lead to security blind spots and delayed response times. Likewise, missing opportunities to address vulnerabilities early in the development process can lead to costly rework, delays in releases, and vulnerabilities in production.
We want to save you from that trouble and consolidate security information from SCA, SAST, and Container scans into a single view within Backstage, providing you with a comprehensive overview of projects’ security.
We built the Mend.io plugin for Backstage to help you:
- Stay where you are with integrated projects overview. We love our own UI, but we want to be wherever it is that you need us to be. Mend.io’s centralized project dashboard within Backstage provides visibility into each project and its security findings, giving a complete view of a project’s threat landscape.
- Zoom in for detailed findings or zoom out for the big picture. A proactive approach to application security requires insights to make broad strokes and fine lines. Mend.io’s findings overview dashboard drills down into identified risks for a deeper analysis right within Backstage and shows all identified vulnerability findings across your organization.
- Work on what matters with risk severity prioritization. Vulnerabilities are not all created equal and treating them that way is a waste of resources. The Mend.io plugin for Backstage displays the severity level of each identified threat to effectively prioritize remediation of the risks that matter most.
- Bring security directly to developers. Encouraging developers to take on ownership of security with enthusiasm starts with minimizing the disruptions security tools add to their environments. The Mend.io plugin for Backstage embeds security information directly into developers’ workflows and presents security scan results in a clear and concise manner, making it easier for developers to understand and remediate issues.
- Nip vulnerabilities in the bud. Help developers stay proactive with application security. The Mend.io plugin integrates security checks early in the development process, enabling developers to identify and address vulnerabilities while they’re still fresh.
- Keep track of the difference you make. It’s difficult to assess your security posture and demonstrate your team’s accomplishments to stakeholders if you lack clear metrics and insights. The Mend.io plugin for Backstage provides important metrics and reports to track security progress and demonstrate the effectiveness of security efforts.
Keeping applications secure is a tough job and Mend.io is here to assist you wherever you’re doing it.
Adding the Mend.io plugin to Backstage
Installing the Mend.io plugin for Backstage is simple. All you need is a script to install the back-end plugin, plus a Mend.io API token. Information on both, and everything else you need to get started, can be found on the plugin installation page.