We performed a comparison between FlexNet Code Insight and Mend.io based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The solution is scalable."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"The results and the dashboard they provide are good."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"I found the user interface cumbersome and difficult to use."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
Earn 20 points
FlexNet Code Insight is ranked 17th in Software Composition Analysis (SCA) while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. FlexNet Code Insight is rated 4.0, while Mend.io is rated 8.4. The top reviewer of FlexNet Code Insight writes "A decent web interface for reports, but the snippet style code matching requires too much effort". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". FlexNet Code Insight is most compared with Black Duck, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.