We performed a comparison between CodeSonar and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CodeSonar’s most valuable feature is finding security threats."
"It has been able to scale."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"There is nice functionality for code surfing and browsing."
"The tool is very good for detecting memory leaks."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The vulnerability analysis is the best aspect of the solution."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The solution is scalable."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The overall support that we receive is pretty good. "
"We set the solution up and enabled it and we had everything running pretty quickly."
"Its ease of use and good results are the most valuable."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"The scanning tool for core architecture could be improved."
"There could be a shared licensing model for the users."
"It was expensive."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The initial setup could be simplified."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. CodeSonar is rated 8.2, while Mend.io is rated 8.4. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". CodeSonar is most compared with SonarQube, Coverity, Klocwork, Polyspace Code Prover and Semgrep Code, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One. See our CodeSonar vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.