Overall experience with Mend
“Integration With Maven Builds Is Simple, but Large Scans May Be Slow”
“In this era of automation, with its increased cost, Mend is not able to do justice to SCA”
About Company
Company Description
Mend.io, previously known as WhiteSource, focusses on building high-grade Application Security (AppSec) programs which aim to mitigate risk while accelerating development. Leveraging cutting-edge automated technology, the company offers protection against threats associated with supply chains, malicious package attacks, and vulnerabilities found in both open source and custom code. Additionally, Mend.io addresses potential risks linked to open-source licenses. The firm is recognized for its record of satisfying complex, large-scale application security demands and is therefore chosen by numerous demanding development and security teams across the globe. Mend.io also administers the automated dependency update project, Renovate.
Mend Likes & Dislikes
Separation of scans by product. Neat arrangement of CVE ratings and fix recommendations.
Well, the Dashboards are nice, the user interface is also good & some policy enforcement features are nice. If we can ignore the false positives & Requires Review for a minute, then the tool is doing a decent job in the DevSecOps cycle.
Ease of seeing all of our vulnerabilities in 1 dashboard.
With a large number of projects to scan, mend.io can be slow to deliver results. If you have projects with many builds with different version numbers for the same artefact, it can be cumbersome to delete the older versions, as deletion is only possible one artefact at a time.
Multifold increase in renewal cost for WhiteSource (Mend). Scans often report lots of false positive alerts (especially source matches - min. 25% of total alerts). A lot of requires review at the end of the scan (min 18-20% of total libraries).
If we had how-to questions while on the kickoff call, our guy would not answer our questions. He pointed us toward documentation. We were trying to set it up and we could have moved faster if he was willing to help.
Mend Reviews and Ratings
- Manager, Customer Service and Support | 10B+ USD | Software
Integration With Maven Builds Is Simple, but Large Scans May Be Slow
It's very easy to integrate Mend.io into a Maven build and announce builds and consumed libraries for scanning. Findings are colour-coded, and there are easy-to-navigate vulnerability alerts. The vulnerabilities from CVE + NVD are updated every few minutes and are automatically applied to the project.
- Director of IT | Gov't/PS/Ed | Education
Great product that helps our devs code smarter and more secure
Overall it has been good. The product is great. The training is almost nonexistent. The hands-on from the company could have been better.
- Technical Manager | 50M-1B USD | Software
Mend Shows a Genuine Commitment to Implementing User Feedback and Needs
While many vendors in this space offer the same features and capabilities, Mend stood out with their willingness to find a solution that worked for us. No product is perfect but they took any feedback we had and directly implemented it into the product.
- Senior Engineer | 1B-10B USD | Hardware
Mend Scanning Effectively Identifies CVEs but Faces Occasional Issues
Mend scanning works well at identifying CVEs. They have been responsive when we had issues with the product.
- Manager | 50M-1B USD | Banking
Effective FOSS Scans with Excellent UX and Reporting Capabilities
Overall positive experience as we use it for FOSS scans for target companies.



