Checkmarx One and Mend.io compete in the code security and open-source management domain. Based on comparisons, Checkmarx One appears to have the upper hand in flexibility and deployment options, while Mend.io has a competitive edge with its robust price structure and focus on dependency management.
Features: Checkmarx One offers comprehensive code scanning without needing compilation, supports multiple languages and integrates with key repositories. It makes the process straightforward for developers. Mend.io excels in dependency management and vulnerability detection, offers detailed reports, supports numerous languages, and is renowned for fewer false positives.
Room for Improvement: Checkmarx One could benefit from enhancing false positives reporting, expanding language support, and improving licensing flexibility. Mend.io needs to focus on role management improvements, refine notification systems, and enhance User Interface usability. Additionally, integrating more package managers and boosting automation features would enhance Mend.io’s efficiency.
Ease of Deployment and Customer Service: Checkmarx One supports various deployment options, including on-premises and hybrid configurations, providing more flexibility for secure environments. Mend.io mainly focuses on cloud-based deployments. Both platforms receive positive feedback for their technical support, although Checkmarx One's varied deployment options offer more adaptability.
Pricing and ROI: Checkmarx One is perceived as relatively expensive with a complex licensing model, yet provides significant value in security management. Mend.io, with its competitive pricing structure, attracts smaller organizations despite being viewed as costly. Both tools demonstrate strong ROI, improving vulnerability management and facilitating secure deployment.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
The cost of Mend.io is competitive, being quite low compared to others.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
We find it 100% accurate in detecting vulnerabilities.
It handles Application Security, performing SCA SAST and container scanning.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
