• Home
  • FOSSA vs. Mend

FOSSA vs Mend comparison

Cancel
You must select at least 2 products to compare!
FOSSA Logo

FOSSA

Read 5 FOSSA reviews
3,649 views|1,957 comparisons
Mend Logo

Mend

Read 13 Mend reviews
19,920 views|14,073 comparisons
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
FOSSA vs. Mend
March 2023
Executive Summary

We performed a comparison between FOSSA and Mend based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed FOSSA vs. Mend Report (Updated: March 2023).
Download the complete report
687,947 professionals have used our research since 2012.
Featured Review
Reviewer630753
Researched Mend but chose FOSSA: Reduces our costs and timeline and allows us to go very granular and automate the scanning of licenses
It has reduced the time that we used to take to go through the internal review and the diligence of a build and then push that build to be live on... Read more →
Kieran Whelan
It improved our mean time to resolution and works seamlessly
When talking about security, improvement is hard to measure. We haven't had a security breach yet, and it's probably because we use products like... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I am impressed with the tool’s seamless integration and quick results.""Policies and identification of open-source licensing issues are the most valuable features. It reduces the time needed to identify open-source software licensing issues.""The scalability is excellent.""One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward.""Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using."

More FOSSA Pros →

"The dashboard view and the management view are most valuable.""The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.""WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.""The solution boasts a broad range of features and covers much of what an ideal SCA tool should.""We set the solution up and enabled it and we had everything running pretty quickly.""There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."

More Mend Pros →

Cons
"The technical support has room for improvement.""On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying.""For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection.""One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential.""I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside."

More FOSSA Cons →

"The initial setup could be simplified.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.""We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.""It should support multiple SBOM formats to be able to integrate with old industry standards.""The only thing that I don't find support for on Mend Prioritize is C++.""WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be.""I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."

More Mend Cons →

Pricing and Cost Advice
  • "Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
  • "FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
  • "The solution's cost is a five out of ten."

    • More FOSSA Pricing and Cost Advice →

  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
  • "Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
  • "We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."
  • "Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."

    • More Mend Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    See Recommendations
    687,947 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about FOSSA?
    Top Answer:Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.
    Read all 7 answers   →
    What is your experience regarding pricing and costs for FOSSA?
    Top Answer:FOSSA is not cheap, but their offering is top notch. It is very much a 'you get what you pay for' scenario. Regardless of the price I highly recommend FOSSA.
    Read all 5 answers   →
    What needs improvement with FOSSA?
    Top Answer:On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having… more »
    Read all 7 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about WhiteSource?
    Top Answer:The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.
    Read all 11 answers   →
    Ranking
    7th
    out of 23 in Software Composition Analysis (SCA)
    Views
    3,649
    Comparisons
    1,957
    Reviews
    3
    Average Words per Review
    1,102
    Rating
    9.0
    4th
    out of 23 in Software Composition Analysis (SCA)
    Views
    19,920
    Comparisons
    14,073
    Reviews
    13
    Average Words per Review
    1,026
    Rating
    8.2
    Comparisons
    Black Duck logo
    Black Duck vs. FOSSA
    Compared 40% of the time.
    Snyk logo
    Snyk vs. FOSSA
    Compared 25% of the time.
    JFrog Xray logo
    JFrog Xray vs. FOSSA
    Compared 9% of the time.
    Sonatype Nexus Lifecycle logo
    Sonatype Nexus Lifecycle vs. FOSSA
    Compared 4% of the time.
    More FOSSA Competitors   →
    + Add more products to compare
    SonarQube logo
    SonarQube vs. Mend
    Compared 20% of the time.
    Black Duck logo
    Black Duck vs. Mend
    Compared 19% of the time.
    Snyk logo
    Snyk vs. Mend
    Compared 16% of the time.
    Veracode logo
    Veracode vs. Mend
    Compared 8% of the time.
    Coverity logo
    Coverity vs. Mend
    Compared 2% of the time.
    More Mend Competitors   →
    + Add more products to compare
    Also Known As
    WhiteSource
    Learn More
    FOSSA
    Video Not Available
    Mend
    Overview
    Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

    Mend is a software composition analysis tool that secures what developers create. The solution provides automated reduction of software attack surface, reduces developer burdens, and accelerates app delivery. Mend provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violations alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend Features

    Mend has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend Benefits

    There are many benefits to implementing Mend. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend platform is very user friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Offer
    Learn more about FOSSA
    Learn More
    Learn more about Mend
    Learn More
    Sample Customers
    AppDyanmic, Uber, Twitter, Zendesk, Confluent
    Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Computer Software Company45%
    Legal Firm9%
    Comms Service Provider9%
    Financial Services Firm9%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Manufacturing Company17%
    Financial Services Firm15%
    Comms Service Provider7%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Energy/Utilities Company6%
    Wholesaler/Distributor6%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Financial Services Firm13%
    Manufacturing Company8%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business45%
    Midsize Enterprise9%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise12%
    Large Enterprise65%
    REVIEWERS
    Small Business35%
    Midsize Enterprise8%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    FOSSA vs. Mend
    March 2023
    Free Report: FOSSA vs. Mend
    Find out what your peers are saying about FOSSA vs. Mend and other solutions. Updated: March 2023.
    DOWNLOAD NOW
    687,947 professionals have used our research since 2012.

    FOSSA is ranked 7th in Software Composition Analysis (SCA) with 5 reviews while Mend is ranked 4th in Software Composition Analysis (SCA) with 13 reviews. FOSSA is rated 8.8, while Mend is rated 8.2. The top reviewer of FOSSA writes "Reduces our costs and timeline and allows us to go very granular and automate the scanning of licenses". On the other hand, the top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". FOSSA is most compared with Black Duck, Snyk, JFrog Xray, Sonatype Nexus Lifecycle and Veracode Software Composition Analysis, whereas Mend is most compared with SonarQube, Black Duck, Snyk, Veracode and Coverity. See our FOSSA vs. Mend report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.