Ingest Mend Renovate dependency vulnerability findings and analyze them in Dynatrace.
Dynatrace integration with Mend Renovate Self Hosted (Community & Enterprise) allows you to unify and contextualize dependency vulnerability findings across different repositories for visualization and automation of security findings.
Mend Renovate runs in your source repositories and detects dependency vulnerabilities (for example, via GHSA and OSV) as part of its automated dependency updates and job runs. The Dynatrace platform observes the applications and services that are built and deployed from those repositories. Ingesting and enriching vulnerability findings and scans from Mend Renovate with runtime and repository context in Dynatrace helps users focus on the top risks that affect their production applications and codebase.
With the ingested data, you can accomplish various use cases, such as:
See below for the Mend Renovate and Dynatrace requirements.
Renovate version 13.6.0+
To authenticate, the user must provide:
Base URL
API secret (the value of MEND_RNV_API_SERVER_SECRET in your Renovate deployment)
The following flags must be enabled in your Renovate environment in order to ingest vulnerability findings:
MEND_RNV_ADMIN_API_ENABLED
MEND_RNV_API_ENABLE_SYSTEM
MEND_RNV_API_ENABLE_JOBS
MEND_RNV_API_ENABLE_REPORTING
RENOVATE_OSV_VULNERABILITY_ALERTS
Update the repository-level renovate.json configurations with the following configuration:
```json
"vulnerabilityAlerts": {
  "enabled": true,
  "addLabels": ["security"]
}
```
For details, see:
ActiveGate version 1.310+ that needs to be able to
Permissions: For a list of permissions required, go to Hub, select Extensions, and display Technical information.
Generate an access token with the openpipeline.events_security scope and save it for later. For details, see Dynatrace API - Tokens and authentication.
In Dynatrace, search for Mend Renovate and select Install.
Follow the on-screen instructions to configure the extension.
Verify configuration by running the following queries in Notebooks:
For finding events:
```dql
fetch security.events
| filter dt.system.bucket == "default_securityevents"
| filter event.provider == "Renovate" AND event.type == "VULNERABILITY_FINDING"
```
For scan events:
```dql
fetch security.events
| filter dt.system.bucket == "default_securityevents"
| filter event.provider == "Renovate" AND event.type == "VULNERABILITY_SCAN"
```
Once the extension is installed and working, you can access and manage it in Dynatrace via Extensions. For details, see About Extensions.
Dynatrace integration with Mend Renovate is an extension running on Dynatrace ActiveGate. Once you enable and configure the Dynatrace Mend Renovate extension, it periodically collects security findings using the Renovate REST API.
The fetched data is ingested into Dynatrace and mapped to the Dynatrace Semantic Dictionary.
Data is stored in a bucket called default_securityevents (for details, see Built-in Grail buckets).
For billing information, see Events powered by Grail.
Vulnerability finding events store the individual vulnerability findings reported by Mend Renovate for each affected artifact and component.
Vulnerability scan events indicate coverage of scans for the individual repository.
Dependency vulnerability findings from Mend Renovate are reported by default when Collect Renovate security events is enabled in the extension configuration.
On the first ingest run, integration ingests all findings from successful Mend Renovate jobs that started within the last m days, where m is the initial fetch time window (in days) set in the advanced options.
If the extension is configured to ingest data at an interval of n hours (Security findings ingest frequency), then whenever the extension runs, it ingests vulnerability findings only from new successful jobs (that is, jobs that completed after the previous run and are not yet recorded in the extension's job history). Any such new job within the initial fetch window is processed: its log is parsed for vulnerability messages and enriched via OSV, and the resulting vulnerability finding and vulnerability scan events are sent to Dynatrace.
If no new successful jobs are found (all relevant jobs were already processed), no new findings are ingested.
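The job-selection rule described above (successful jobs only, started within the initial fetch window, not already in the job history) as an added example; this is not the extension's own code. The job records are constructed in a simplified shape, and the field names (`id`, `status`, `started_at`) are assumptions, not the Renovate REST API's actual job schema.

```python
"""Added example (not the Dynatrace extension's code): which Mend Renovate
jobs get processed on one ingest run. Job dicts use ASSUMED field names."""
from datetime import datetime, timedelta, timezone


def select_jobs_to_ingest(jobs, processed_job_ids, now, initial_fetch_days):
    """Return jobs that are (a) successful, (b) started within the initial
    fetch window of `initial_fetch_days`, and (c) not yet in the job history.
    Result is ordered oldest first so findings are replayed in job order."""
    window_start = now - timedelta(days=initial_fetch_days)
    picked = [
        j for j in jobs
        if j["status"] == "success"
        and j["started_at"] >= window_start
        and j["id"] not in processed_job_ids
    ]
    return sorted(picked, key=lambda j: j["started_at"])


def run_ingest_cycle(jobs, history, now, initial_fetch_days):
    """One extension run: pick new jobs, record them in the job history so a
    later run does not re-ingest them. Returns the ids processed this run.
    (Log parsing and OSV enrichment of each job are out of scope here.)"""
    new_jobs = select_jobs_to_ingest(jobs, history, now, initial_fetch_days)
    ids = [j["id"] for j in new_jobs]
    history.update(ids)
    return ids


def simulate(initial_fetch_days=7, interval_hours=6):
    """Three consecutive runs over constructed jobs. Returns the ids ingested
    per run: the first run backfills the window, the second picks up only the
    job that completed since, the third finds nothing new."""
    now = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
    jobs = [  # constructed sample jobs
        {"id": "job-1", "status": "success", "started_at": now - timedelta(days=2)},
        {"id": "job-2", "status": "failed", "started_at": now - timedelta(days=1)},
        {"id": "job-3", "status": "success", "started_at": now - timedelta(days=10)},
        {"id": "job-4", "status": "success", "started_at": now - timedelta(days=5)},
    ]
    history = set()  # the extension persists this between runs
    first = run_ingest_cycle(jobs, history, now, initial_fetch_days)

    later = now + timedelta(hours=interval_hours)
    jobs.append({"id": "job-5", "status": "success",
                 "started_at": later - timedelta(hours=1)})
    second = run_ingest_cycle(jobs, history, later, initial_fetch_days)

    third = run_ingest_cycle(jobs, history, later + timedelta(hours=interval_hours),
                             initial_fetch_days)
    return first, second, third


if __name__ == "__main__":
    print(simulate())
```

Note that job-3 is skipped on the first run because it started before the 7-day window, and job-2 is skipped because it did not succeed; a job that is already in the history is never ingested twice even if the window still covers it.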
A renovate namespace is added so that Mend Renovate-specific attributes are available on top of the core security event schema. The full upstream payload (the OSV API response for a vulnerability) is stored in the event.original_content field. Example fields:
renovate.pull_request.title: Title of the Mend Renovate pull request that would fix or update the vulnerable dependency (from the job’s branch/upgrade context).
renovate.update_type: Type of dependency update (for example, major, minor, and patch) associated with the finding.
renovate.branch_name: Mend Renovate branch name for the upgrade (for example, renovate/package-x-y.z).
Risk scores are derived in two steps:
The extension tries to get a numeric score from CVSS data in the vulnerability record (from the OSV/CVE-style severity list: CVSS 2, 3.x, or 4 type and vector).
If no valid CVSS type or vector is available, it falls back to mapping the vulnerability’s severity label (for example, critical, high, medium, low) to fixed scores.
dt.security.risk.score maps the Mend Renovate–provided severity score.
dt.security.risk.level is mapped from the Mend Renovate severity score.
| dt.security.risk.score (mapped from finding.score) | dt.security.risk.level (mapped from dt.security.risk.score) |
|---|---|
| 9.0-10.0 | CRITICAL |
| 7.0-8.9 | HIGH |
| 4.0-6.9 | MEDIUM |
| 0.1-3.9 | LOW |
| 0.0 | NONE |