We performed a comparison between Digital.ai Application Security and Mend.io based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."I used the tool to prepare for the interview as a Business Developer. It helped me improve my understanding on software security."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The vulnerability analysis is the best aspect of the solution."
"The overall support that we receive is pretty good. "
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"I would like the tool to integrate AI and automation that is dedicated to detecting software vulnerabilities."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"The dashboard UI and UX are problematic."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"The initial setup could be simplified."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
Digital.ai Application Security is ranked 36th in Application Security Tools with 1 review while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Digital.ai Application Security is rated 6.0, while Mend.io is rated 8.4. The top reviewer of Digital.ai Application Security writes "Helps to improve knowledge on software security ". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Digital.ai Application Security is most compared with SonarQube, PortSwigger Burp Suite Professional and Fortify Application Defender, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.