We performed a comparison between HCL AppScan and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI was very intuitive."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The solution offers services in a few specific development languages."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It was easy to set up."
"You can easily find particular features and functions through the UI."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"For us, the most valuable tool was open-source licensing analysis."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"We set the solution up and enabled it and we had everything running pretty quickly."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The results and the dashboard they provide are good."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"There is room for improvement in the pricing model."
"The penetration testing feature should be included."
"The only thing that I don't find support for on Mend Prioritize is C++."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"The solution lacks the code snippet part."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"I would like to see the static analysis included with the open-source version."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Mend.io is ranked 6th in Application Security Tools with 29 reviews. HCL AppScan is rated 7.6, while Mend.io is rated 8.4. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx and Jscrambler. See our HCL AppScan vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.