• Home
  • CAST Application Intelligence Platform vs. Mend.io

CAST Application Intelligence Platform vs Mend.io comparison

Cancel
You must select at least 2 products to compare!
CAST Logo

CAST Application Intelligence Platform

Read 4 CAST Application Intelligence Platform reviews
1,011 views|682 comparisons
83% willing to recommend
Mend.io Logo

Mend.io

Read 29 Mend.io reviews
8,686 views|5,116 comparisons
96% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
CAST Application Intelligence Platform vs. SonarQube
March 2024
Executive Summary

We performed a comparison between CAST Application Intelligence Platform and Mend.io based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Snyk, CAST and others in Software Development Analytics.
To learn more, read our detailed CAST Application Intelligence Platform vs. SonarQube Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Vishal-Goyal
Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry
Bruno Lavit
Automation, such as automated pull requests, saves us significant time
Since we moved to Mend.io, a long time ago, everything has been fully automated and we are saving a lot of time. When it comes to MTTR, we are... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients.""CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform.""It supports most programming languages.""The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out.""Used for controlling the technical debt and code quality."

More CAST Application Intelligence Platform Pros →

"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds.""WhiteSource helped reduce our mean time to resolution since the adoption of the product.""Our dev team uses the fix suggestions feature to quickly find the best path for remediation.""It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions.""We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.""We set the solution up and enabled it and we had everything running pretty quickly.""The dashboard view and the management view are most valuable."

More Mend.io Pros →

Cons
"It has very few plugins to access different code repositories, so source code has to be fed.""The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code.""Implementation could be made more simpler as it is complex.""The integration of this solution could be improved.""Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."

More CAST Application Intelligence Platform Cons →

"I would like to see the static analysis included with the open-source version.""We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.""WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers.""The UI is not that friendly and you need to learn how to navigate easily.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""The solution lacks the code snippet part.""The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."

More Mend.io Cons →

Pricing and Cost Advice
  • "I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five."

    • More CAST Application Intelligence Platform Pricing and Cost Advice →

  • "We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
  • "The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
  • "Pricing is competitive."
  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

    • More Mend.io Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CAST Application Intelligence Platform?
    Top Answer:The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some… more »
    Read all 2 answers   →
    What needs improvement with CAST Application Intelligence Platform?
    Top Answer:The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the… more »
    Read all 2 answers   →
    What is your primary use case for CAST Application Intelligence Platform?
    Top Answer:We use CAST Application Intelligence Platform for multiple purposes. One of its use cases is understanding the code health in terms of scalability, reliability, efficiency, and performance. These are… more »
    Read all 2 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Mend.io?
    Top Answer:The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related… more »
    Read all 23 answers   →
    Ranking
    3rd
    out of 10 in Software Development Analytics
    Views
    1,011
    Comparisons
    682
    Reviews
    2
    Average Words per Review
    753
    Rating
    8.0
    4th
    out of 40 in Software Composition Analysis (SCA)
    Views
    8,686
    Comparisons
    5,116
    Reviews
    10
    Average Words per Review
    1,324
    Rating
    8.5
    Comparisons
    Also Known As
    CAST AIP
    WhiteSource, Mend SCA
    Learn More
    CAST
    Mend.io
    Overview

    CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
    • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
    • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
    • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

    CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

    Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend.io Features

    Mend.io has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend.io Benefits

    There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Sample Customers
    Steria, T-Systems MMS, Atos Origin, Accenture, Capgemini
    Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm25%
    Computer Software Company16%
    Manufacturing Company13%
    Insurance Company9%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Media Company6%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company10%
    Insurance Company5%
    Company Size
    VISITORS READING REVIEWS
    Small Business11%
    Midsize Enterprise13%
    Large Enterprise76%
    REVIEWERS
    Small Business36%
    Midsize Enterprise7%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%

    CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. CAST Application Intelligence Platform is rated 7.0, while Mend.io is rated 8.4. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode.

    We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.