IT Central Station is now PeerSpot: Here's why
Cancel
You must select at least 2 products to compare!
FOSSA Logo
3,447 views|1,905 comparisons
Mend  Logo
Read 11 Mend reviews.
19,774 views|15,874 comparisons
Featured Review
Buyer's Guide
FOSSA vs. Mend
May 2022
Find out what your peers are saying about FOSSA vs. Mend and other solutions. Updated: May 2022.
610,229 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components.""The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product.""What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me.""Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using.""FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that.""Policies and identification of open-source licensing issues are the most valuable features. It reduces the time needed to identify open-source software licensing issues.""One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward.""Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices."

More FOSSA Pros →

"The solution boasts a broad range of features and covers much of what an ideal SCA tool should.""Its ease of use and good results are the most valuable.""WhiteSource helped reduce our mean time to resolution since the adoption of the product.""The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.""The solution is scalable.""The dashboard view and the management view are most valuable.""The results and the dashboard they provide are good.""The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."

More Mend Pros →

Cons
"For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection.""I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI.""The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from.""One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential.""On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying.""I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support.""On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization.""I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."

More FOSSA Cons →

"The solution lacks the code snippet part.""I would like to see the static analysis included with the open-source version.""It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.""We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail.""The turnaround time for upgrading databases for this tool as well as the accuracy could be improved.""The initial setup could be simplified.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."

More Mend Cons →

Pricing and Cost Advice
  • "FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
  • "Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
  • More FOSSA Pricing and Cost Advice →

  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
  • "Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
  • More Mend Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    610,229 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    Top Answer:WhiteSource helped reduce our mean time to resolution since the adoption of the product.
    Ranking
    Views
    3,447
    Comparisons
    1,905
    Reviews
    9
    Average Words per Review
    1,935
    Rating
    8.8
    Views
    19,774
    Comparisons
    15,874
    Reviews
    11
    Average Words per Review
    772
    Rating
    7.7
    Comparisons
    SonarQube logo
    Compared 22% of the time.
    Black Duck logo
    Compared 21% of the time.
    Snyk logo
    Compared 20% of the time.
    Veracode logo
    Compared 6% of the time.
    Coverity logo
    Compared 1% of the time.
    Also Known As
    WhiteSource
    Learn More
    FOSSA
    Video Not Available
    Overview
    Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

    Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io.

    Offer
    Learn more about FOSSA
    Learn more about Mend
    Sample Customers
    AppDyanmic, Uber, Twitter, Zendesk, Confluent
    Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Computer Software Company44%
    Legal Firm11%
    Comms Service Provider11%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company29%
    Manufacturing Company17%
    Financial Services Firm12%
    Comms Service Provider11%
    REVIEWERS
    Computer Software Company36%
    Media Company7%
    Energy/Utilities Company7%
    Consumer Goods Company7%
    VISITORS READING REVIEWS
    Computer Software Company33%
    Comms Service Provider15%
    Financial Services Firm8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise11%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    REVIEWERS
    Small Business29%
    Midsize Enterprise10%
    Large Enterprise62%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise15%
    Large Enterprise67%
    Buyer's Guide
    FOSSA vs. Mend
    May 2022
    Find out what your peers are saying about FOSSA vs. Mend and other solutions. Updated: May 2022.
    610,229 professionals have used our research since 2012.

    FOSSA is ranked 7th in Software Composition Analysis (SCA) with 8 reviews while Mend is ranked 4th in Software Composition Analysis (SCA) with 11 reviews. FOSSA is rated 8.8, while Mend is rated 7.8. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". FOSSA is most compared with Black Duck, Snyk, JFrog Xray, Sonatype Nexus Lifecycle and Veracode Software Composition Analysis, whereas Mend is most compared with SonarQube, Black Duck, Snyk, Veracode and Coverity. See our FOSSA vs. Mend report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.