Mend.io Reviews

Name: Mend.io
Brand: Mend.io
Rating: 4.2 (31 reviews)

4.2 out of 5

31 reviews
96% willing to recommend

What is Mend.io?

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

Get the Mend.io Buyer's Guide and find out what your peers are saying about Mend.io, SonarQube Server (formerly SonarQube), GitLab and more!

Mend.io is the #1 ranked solution in top Software Supply Chain Security solutions, #4 ranked solution in top Static Code Analysis solutions, #7 ranked solution in top Software Composition Analysis (SCA) solutions, and #17 ranked solution in application security solutions. PeerSpot users give Mend.io an average rating of 8.4 out of 10. Mend.io is most commonly compared to SonarQube Server (formerly SonarQube): Mend.io vs SonarQube Server (formerly SonarQube). Mend.io is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 866,286 peers since 2012

Featured Mend.io reviews

meetharoon

CEO at a computer software company with 10,001+ employees

We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.

Read full review

Jeffrey Harker

System Manager of Cloud Engineering at Common Spirit

Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Governance up until that time had been manual and when we tried to do manual governance of a large codebase, our chances of success were pretty minimal. Mend (formerly WhiteSource) does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release. We use Mend (formerly WhiteSource) Smart Fix. I’d say pretty much everything in Mend (formerly WhiteSource) is easy to use. We really don't have too much difficulty using the product at all. I've implemented other scanners and tools and had much more trouble with those products than we've ever had with Mend (formerly WhiteSource). That’s extremely important. It's hard to sell to some of these teams to put any level of overhead on top of their product development efforts and the fact that Mend (formerly WhiteSource) is as easy as it is to use is a critical aspect of adoption here. It scores very highly on that scale. Mend (formerly WhiteSource) Smart Fix helps our developers fix vulnerable transitive dependencies. It's all very helpful to our development community. First of all, we're able to find that there are issues. Second of all, we're able to figure out very quickly what needs to be done to remediate the issues. Mend (formerly WhiteSource) helped reduce our mean time to resolution since adopting it. A lot of it is process improvement and technical aspects that can tell us how to go about remediating the issues. We get that out of Mend (formerly WhiteSource). Making the developers aware that these issues are there and insisting they be corrected and making the effort to do that visibly is very valuable to us. Overall, Mend (formerly WhiteSource) helped dramatically reduce the number of open-source software vulnerabilities running in our production at any given point in time. I won't give metrics, however, it's fair to say that our state before and after Mend (formerly WhiteSource) is dramatically different and moved in a positive direction. Mend's ability to integrate our developer's existing workflows, including their IDE repository and CI is good. Azure DevOps is really important. That's what the pipelines are. That's a very important piece of the entire puzzle. If this was just an external scanner where periodically we'd go through and scan our repos and give them a report, we’d do that with pen testing products, for example, for security testing. The problem is, by the time they get those reports, they've already shipped the code to multiple environments and it's too late to stop the train. With these features being baked into the pipelines like this, they know immediately. As a result, we're able to quickly take action to remediate findings.

Read full review

Kevin Dsouza

Intramural OfficialIntramural at Northeastern University

All applications in the world that are created have room for improvement. Within Mend itself, there’s Mend Prioritize, which prioritizes the vulnerability automatically by itself with relevance to our application. Mend Prioritize has support for five or six languages right now, including JavaScript, C, and C#. The only thing that I don't find support for on Mend Prioritize is C++, which they'll be working on since the product is under development. Once that's done, we can also add it into Mend Prioritize for our weekly scans, which will help us with our analysis and efforts for remediation. It's everything we need right now. There's nothing as such that’s out of the world that they should do. We use it just for one thing and focus on that. Therefore, they should not do anything else. We're fine with it as it is.

Read full review

Mend.io mindshare

Product category:

As of August 2025, the mindshare of Mend.io in the Software Composition Analysis (SCA) category stands at 7.9%, down from 8.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA) Market Share Distribution
Product	Market Share (%)
Mend.io	7.9%
Black Duck	17.8%
Snyk	13.7%
Other	60.599999999999994%

Software Composition Analysis (SCA)

PeerResearch reports based on Mend.io reviews

Type	Title	Date
Category	Software Composition Analysis (SCA)	Aug 30, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 30, 2025	Download
Comparison	Mend.io vs Black Duck	Aug 30, 2025	Download
Comparison	Mend.io vs Snyk	Aug 30, 2025	Download
Comparison	Mend.io vs Veracode	Aug 30, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	N/A	81%	116 interviews Add to research
GitLab	4.2	4.1%	97%	85 interviews Add to research

Valuable Features

Mend.io excels in open-source dependency management, offering features like CVE detection, license reporting, and inventory management. Users appreciate vulnerability and license alerts, trace analysis, and policy automation. Its ease of integration with IDEs and CI/CD pipelines is highlighted as essential. Mend Smart Fix and unified agent tools streamline vulnerability remediation. User-friendly dashboards aid in tracking security improvements and risk management, helping enterprises efficiently handle open-source components and enhance security practices.

"Mend.io is a security tool that provides security feedback for all tests."
"Mend.io is very robust in terms of managing third-party dependencies."
"Mend.io is very robust in terms of managing third-party dependencies."

Room for Improvement

Mend.io could enhance notifications and role management. Integration with various web browsers and improving the user interface are desired. Users seek better ACL, user-friendly documentation, and expanded language support, especially for Python and C++. Report generation and customization need refinement. Users request improved scanning for containers, reduced latency, and simplified setup. Pricing flexibility and support for additional frameworks and compliance packs are sought. Integration with existing CI/CD tools and a comprehensive feature set under one platform is also important.

"The main consideration is the cost. The products always have their maturity."
"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."
"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."

ROI

Organizations have found that using Mend.io effectively minimizes vulnerabilities, fostering security awareness and enhancing open-source project management. Automation of vulnerability identification has reduced developers' workload, leading to increased focus on innovation. Integration with development workflows streamlines processes, expedites delivery timelines, and prioritizes security. Comprehensive reporting provides risk management insights, leading to strategic security planning. Financially, organizations report significant cost savings due to decreased manual processes and faster remediation times, contributing to a positive return on investment.

Pricing

Mend.io users generally find the pricing model competitive, offering good value for companies managing multiple products and versions. The setup cost is affordable, and clear pricing structures offer fixed costs for developers, making it attractive for enterprise buyers. However, some feedback notes the pricing can escalate with added features or users, affecting larger enterprises or startups. Despite some concerns about scalability and inflexibility for smaller entities, overall, Mend.io is seen as a cost-effective choice compared to its competitors.

"It is fairly priced."
"Over the last two years, they have tried to add more and more features to their license packages, but the price is a little bit high, comparatively."
"Mend is costly but not overly expensive. The license was quite expensive this year, but we managed to negotiate the price down to the same as last year. At the same time, it's a good value. We're getting what we're paying for and still not using all the features. We could probably get more out of the tool and make it more valuable. At the moment, we don't have the capacity to do that."

Popular Use Cases

Mend.io users primarily leverage it for identifying third-party and open-source library usage in software, focusing on managing security vulnerabilities and license compliance. Integration with CI/CD processes automates scanning, helping users to detect and remediate risks efficiently. Some rely on its ability to reject risky licenses, ensuring corporate policies are met. It improves visibility over library dependencies, assists in vulnerability management, and provides legal compliance insights, aiding in proactive risk management and workflow integration.

Service and Support

Mend.io provides highly responsive customer service and technical support, with quick reaction times and knowledgeable staff. Many users mention timely assistance, with some noting resolution within hours. Support calls and regular meetings further enhance user satisfaction. While most rate the support highly, a few encounter delays or feature integration issues. Large organizations appreciate the tailored support, although some find support through resellers needs improvement. Mend.io’s customer engagement earns it ratings between eight and nine.

Deployment

Mend.io's initial setup generally impressed users with its user-friendly process. Many found the deployment quick and straightforward, often within an hour. Various options for integrating repositories were appreciated, making it adaptable to different environments. While some found certain aspects challenging, comprehensive documentation and support facilitated the process. Users noted its effective integration with tools like CI/CD pipelines, enhancing overall development workflows and security. Adaptation to specific needs required minimal effort, reinforcing Mend.io's flexibility.

Scalability

Mend.io exhibits strong scalability, adapting to various organizational sizes, from startups to large enterprises. Its architecture supports extensive code volumes and numerous dependencies efficiently. Mend.io seamlessly integrates into workflows and maintains performance as codebases expand. It facilitates collaboration across teams and divisions, ensuring consistent security practices. With DevOps and CI/CD compatibility, it provides automated scanning and real-time feedback, supporting rapid development cycles and maintaining security, ensuring it can effectively accommodate changing demands.

Stability

Mend.io is highly reliable with minimal downtime reported by multiple organizations. Most users find it dependable, particularly when integrated with CI/CD pipelines and existing workflows. Although it is generally robust, some have observed occasional instability with certain browsers and minor feature issues. Users who experienced these resolved them quickly with support. The constant database updates and accurate results are appreciated. Despite rare, temporary glitches, Mend.io's stability and performance are regarded as impressive by many.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Mend.io Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	3
Large Enterprise	17

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	417
Midsize Enterprise	283
Large Enterprise	1406

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

11%

Insurance Company

Energy/Utilities Company

Healthcare Company

Retailer

Government

Educational Organization

Comms Service Provider

University

Real Estate/Law Firm

Construction Company

Media Company

Consumer Goods Company

Non Profit

Legal Firm

Outsourcing Company

Pharma/Biotech Company

Hospitality Company

Performing Arts

Wholesaler/Distributor

Recreational Facilities/Services Company

Transportation Company

Logistics Company

Aerospace/Defense Firm

Compare Mend.io with alternative products

Learn more about Mend.io

Mend.io Features

Mend.io has many valuable key features. Some of the most useful ones include:

Vulnerability analysis
Automated remediation
Seamless integration
Business prioritization
Limitless scalability
Intuitive interface
Language support
Integration
Continuous monitoring
Remediation suggestions
Customization

Mend.io Benefits

There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

Easy to use: The Mend.io platform is very user-friendly and easy to set up.

Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.

Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.

Broad support: Mend.io provides 27 different programming languages and various programming frameworks.

Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.

Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.

Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Mend.io was previously known as WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST.

Mend.io customers

Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates

Author info	Rating	Review Summary
CEO at a computer software company with 10,001+ employees	4.5	We use Mend.io with our CI/CD tools like Concourse and Jenkins for managing dependencies and detecting vulnerabilities across multiple languages. While the tool is low-cost and effective, we considered consolidating tools with Snyk for broader functionality.
Principal Architect at a consultancy with 11-50 employees	4.5	I work with Mend.io in industries like retail and hospitality. It's a security tool offering feedback on tests and supports Application Security, SCA, SAST, and container scanning. The main challenge is cost and integration in early software development stages.
Product Security Architect at Pitney Bowes Inc.	5.0	I use Mend.io to identify open-source library vulnerabilities and licensing issues. Its notification feature for critical vulnerabilities is valuable. I'd like a compliance pack for frameworks like CIS or NIST. The ROI is evident in enhanced security.
Release Manager at a tech vendor with 501-1,000 employees	4.5	We use Mend.io to efficiently detect and fix vulnerabilities in our products, benefiting from its ease of setup and numerous integrations. Improvements are needed in reporting features and UI, but overall, it provides significant time and resource savings.
Principal Security Engineer at Texthelp Ltd.	4.0	Mend is a seamless SaaS solution for managing open-source libraries and vulnerabilities, integrating well with our developer tools like Visual Studio and Azure. While effective, improvements could include preconfigured policies and a cleaner dashboard. It offers reliable security with no breaches.
Sr. Manager at a financial services firm with 10,001+ employees	4.0	No summary available
System Manager of Cloud Engineering at Common Spirit	4.5	No summary available
Intramural OfficialIntramural at Northeastern University	4.5	No summary available

Mend.io Reviews

What is Mend.io?

Featured Mend.io reviews

Mend.io mindshare

PeerResearch reports based on Mend.io reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Mend.io with alternative products

Learn more about Mend.io

Mend.io customers

Related questions

Product Categories

Popular Comparisons