We performed a comparison between GitHub and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The initial setup was easy."
"We are finding GitHub is very stable."
"The solution has been stable for us."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"Complication free with good ability for third-party integrations."
"There are no issues. It's simple, easy, and fully compatible from my perspective with Git."
"The product has a very user-friendly interface and user-friendly security."
"All the features are valuable, but the most important feature is that GitHub has advanced security. The second important feature is the capability to create custom GitHub actions and the capability to deploy in different types of architectural infrastructures, such as hybrid, private, or public."
"Its ease of use and good results are the most valuable."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The solution is scalable."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"GitHub's issue management could be improved a little from an organization standpoint. It would be helpful to have the ability to organize a work board or a backlog more comprehensively. For organizations migrating to GitHub from arbitrary systems, it's a little bit of a headache to move on to that system."
"It would be better if the amount of storage were increased."
"GitHub uses basic configuration, but messaging is not clear."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"The product must document the CI/CD process more."
"GitHub could have better integration or capability with other solutions."
"Lacks sufficient support in terms of professional services that could be provided."
"Github needs more storage."
"I would like to see the static analysis included with the open-source version."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
GitHub is ranked 13th in Application Security Tools with 64 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. GitHub is rated 8.6, while Mend.io is rated 8.4. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Atlassian SourceTree and Fortify on Demand, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One. See our GitHub vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.