We performed a comparison between GitGuardian Platform and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian."
"GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is."
"GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them."
"When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history."
"We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous."
"It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up."
"GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts."
"I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"Its ease of use and good results are the most valuable."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The solution is scalable."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"We have encountered occasional difficulties with the Single Sign-On process."
"GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
"There is room for improvement in GitGuardian on Azure DevOps. The implementation is a bit hard there. This is one of the things we requested help with. I would not say their support is not good, but they need them to improve in helping customers on that side."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it."
"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"I would like to see the static analysis included with the open-source version."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
GitGuardian Platform is ranked 8th in Application Security Tools with 21 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. GitGuardian Platform is rated 9.0, while Mend.io is rated 8.4. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Microsoft Purview Data Loss Prevention, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One. See our GitGuardian Platform vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.