HCL AppScan vs Mend comparison

Cancel
You must select at least 2 products to compare!
Veracode Logo
41,100 views|24,342 comparisons
HCL Logo
9,327 views|7,161 comparisons
Mend  Logo
Read 13 Mend reviews
19,920 views|14,073 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between HCL AppScan and Mend based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. Mend Report (Updated: March 2023).
687,947 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place.""In pipeline scanning, there is a configuration that can be set with respect to the security level of the flaw. If there is a high or a critical issue, there's a way the build can be failed and blocked before going into production.""I like the ability to integrate Veracode with other coding platforms like Visual Studio, which helps you write code quickly by implementing already inserted code. For example, if we have tags you want to put in the software, it is effortless to choose which programming language you want to use in the integrated development environment.""It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved.""The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.""There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.""The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."

More Veracode Pros →

"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL.""AppScan is stable.""This is a stable solution.""The most valuable feature of the solution is Postman.""It was easy to set up.""The most valuable feature of HCL AppScan is scanning QR codes."

More HCL AppScan Pros →

"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.""We set the solution up and enabled it and we had everything running pretty quickly.""Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""The solution is scalable.""We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.""I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.""There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""The results and the dashboard they provide are good."

More Mend Pros →

Cons
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad.""We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git""The training lab is not very user-friendly and takes a long time to set up.""The product has issues with scanning.""Sometimes we get a lot of false positives even after configuring our policies, so that could be improved.""The solution could improve the Dynamic Analysis Security Testing(DAST).""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."

More Veracode Cons →

"The databases for HCL are small and have room for improvement.""AppScan is too complicated and should be made more user-friendly.""The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved.""Sometimes it doesn't work so well.""The solution could improve by having a mobile version.""We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."

More HCL AppScan Cons →

"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.""I would like to see the static analysis included with the open-source version.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be.""The solution lacks the code snippet part.""It should support multiple SBOM formats to be able to integrate with old industry standards.""The turnaround time for upgrading databases for this tool as well as the accuracy could be improved.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."

More Mend Cons →

Pricing and Cost Advice
  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • More HCL AppScan Pricing and Cost Advice →

  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
  • "Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
  • "We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."
  • "Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."
  • More Mend Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    687,947 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The user interface is excellent, the code review process is quick and provides great analytics to understand our code… more »
    Top Answer:It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as… more »
    Top Answer:The most valuable feature of the solution is Postman.
    Top Answer:As a developer who has been studying and working in the security product industry for several years, I have been… more »
    Top Answer:This is a primarily application security testing solution.
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This… more »
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is… more »
    Top Answer:The license management of WhiteSource was at a good level. As compared to other tools that I have used, its… more »
    Comparisons
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    WhiteSource
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Mend is a software composition analysis tool that secures what developers create. The solution provides automated reduction of software attack surface, reduces developer burdens, and accelerates app delivery. Mend provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violations alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend Features

    Mend has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend Benefits

    There are many benefits to implementing Mend. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend platform is very user friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about HCL AppScan
    Learn more about Mend
    Sample Customers
    State of Missouri, Rekner
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Financial Services Firm30%
    Computer Software Company14%
    Insurance Company9%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm16%
    Comms Service Provider8%
    Manufacturing Company7%
    REVIEWERS
    Government20%
    Transportation Company13%
    Manufacturing Company13%
    Insurance Company13%
    VISITORS READING REVIEWS
    Computer Software Company24%
    Government10%
    Financial Services Firm9%
    Comms Service Provider8%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Media Company6%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Financial Services Firm13%
    Manufacturing Company8%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business26%
    Midsize Enterprise22%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    REVIEWERS
    Small Business25%
    Midsize Enterprise9%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise10%
    Large Enterprise72%
    REVIEWERS
    Small Business35%
    Midsize Enterprise8%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    HCL AppScan vs. Mend
    March 2023
    Find out what your peers are saying about HCL AppScan vs. Mend and other solutions. Updated: March 2023.
    687,947 professionals have used our research since 2012.

    HCL AppScan is ranked 16th in Application Security Tools with 6 reviews while Mend is ranked 4th in Application Security Tools with 13 reviews. HCL AppScan is rated 6.6, while Mend is rated 8.2. The top reviewer of HCL AppScan writes "Improves application security, identifies gaps, and performs well". On the other hand, the top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Checkmarx, Micro Focus Fortify on Demand, Fortify WebInspect and Qualys Web Application Scanning, whereas Mend is most compared with SonarQube, Black Duck, Snyk, Checkmarx and Qualys Web Application Scanning. See our HCL AppScan vs. Mend report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.