Mend.io and JFrog Xray are competitive solutions in the software development lifecycle, focusing on security analysis and artifact management. JFrog Xray seems to have an upper hand with its comprehensive features that offer a potentially greater long-term value despite its cost.
Features: Mend.io provides effective vulnerability detection, open-source compliance, and code analysis. JFrog Xray excels in artifact scanning, integration with JFrog Artifactory, and robust security management.
Room for Improvement: Mend.io could enhance its deployment options and aim for more integration flexibility. Improvement in on-premises support and additional documentation resources are areas for refinement. For JFrog Xray, simplifying pricing models and reducing the initial cost barrier can increase accessibility. Streamlining user interface navigation and expanding support for third-party tools could be beneficial.
Ease of Deployment and Customer Service: JFrog Xray offers diverse deployment models across on-premises, cloud, and hybrid setups, supported by comprehensive resources. Meanwhile, Mend.io's cloud-focused deployment is complemented by highly responsive customer service, catering effectively to smaller organizations.
Pricing and ROI: Mend.io's competitive pricing is well-suited for small to medium enterprises seeking quick ROI with cost-effective solutions. JFrog Xray, with higher initial investment, offers substantial long-term returns due to advanced features and comprehensive security, appealing to organizations prioritizing robust security management.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
When we need clarifications, we contact our account manager, and they arrange demos.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
The basic scanning capabilities come with Artifactory, however, curation requires additional licenses.
The cost of Mend.io is competitive, being quite low compared to others.
The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features.
We find it 100% accurate in detecting vulnerabilities.
It handles Application Security, performing SCA SAST and container scanning.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].
If you are a team player and you care and you play to WIN, we have just the job you're looking for.
As we say at JFrog: "Once You Leap Forward You Won't Go Back!"
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.