No more typing reviews! Try our Samantha, our new voice AI agent.

Kiuwan Insights vs Mend.io comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 19, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Kiuwan Insights
Ranking in Static Code Analysis
22nd
Average Rating
4.0
Reviews Sentiment
6.4
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Mend.io
Ranking in Static Code Analysis
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
34
Ranking in other categories
Application Security Tools (9th), Software Composition Analysis (SCA) (5th), Software Supply Chain Security (1st)
 

Mindshare comparison

As of July 2026, in the Static Code Analysis category, the mindshare of Kiuwan Insights is 1.8%, up from 0.7% compared to the previous year. The mindshare of Mend.io is 4.6%, down from 8.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Code Analysis Mindshare Distribution
ProductMindshare (%)
Mend.io4.6%
Kiuwan Insights1.8%
Other93.6%
Static Code Analysis
 

Featured Reviews

FE
Head of Development and Consulting at Logalty
Protects problematic libraries; sorely lacking in customer services
Kiuwan lacks decent support, it's very bad. A couple of years ago an American company bought Kiuwan and support became non-existent. It's a big part of why we're looking to move to another product. We have questions regarding false positives and nobody responds to our tickets. They don't have any answers. If you're looking for a cheaper solution and don't require support, it might be okay, but a large end company that has a lot of questions about how the developers are programming will have trouble.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Centralized security monitoring has reduced false positives and improves dependency governance
The only area for improvement I would say is that the false positives are nearly zero; everything is mostly like 99 to 99.99% or we can say 100% accurate. There were a few areas for improvement just from the last time I saw; I think the user experience had a little problem. We wanted to have certain reports based on our kind of scenario, but the tool did not allow us to create custom reports. We had asked for some facility and some ability for us to create some custom reports. That would be awesome if they allow us to create custom reports the way we wanted. There is one small area which I don't know whether we should call a tool limitation or a wish list; if I use a library and I don't use all the capabilities of the library but only a portion of it and that portion is not vulnerable, but there is a component which is outdated, that is a problem, even though I don't use that component. Mend.io will discover there is a problem in the whole library; that is correct. That's a valid discovery, but in my case, for example, if I don't use that particular portion, then it actually is not making sense for me, but that's not a limitation of Mend.io; I think that's a general problem with any tool in the market because no tool in the market will actually know what portion of the code I'm actually using from that particular library if it is vulnerable or not.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found the interface to be perfect."
"Can help in reducing the number of false positives."
"Insights is valuable at protecting a problematic library and enabling you to reduce the number of false positives."
"It saves a lot of money with early fixing."
"I am quite happy with WhiteSource; it is very good and provides many things, including extensive reports involving vulnerabilities."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"The main value is that it showed us what we needed to fix, and with the dashboard security trends feature, we can see over time if we made progress."
 

Cons

"Kiuwan lacks decent support, it's very bad. A couple of years ago an American company bought Kiuwan and support became non-existent."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"The solution has issues detecting intrusive methods."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"The pricing model needs some changes."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"The main consideration is the cost. The products always have their maturity."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"Make the product available in a very stable way for other web browsers."
 

Pricing and Cost Advice

"Pricing can be improved as well."
"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
"When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
"It is fairly priced."
"This is an expensive solution."
"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
"The solution involves a yearly licensing fee."
"Over the last two years, they have tried to add more and more features to their license packages, but the price is a little bit high, comparatively."
"Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."
report
Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
14%
Computer Software Company
12%
Manufacturing Company
12%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise21
 

Questions from the Community

Ask a question
Earn 20 points
How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What is your experience regarding pricing and costs for Mend.io?
Mend.io SCA offers a competitive pricing structure that is relatively affordable compared to similar solutions in the market. This makes it an attractive option for organizations looking to enhance...
 

Comparisons

 

Also Known As

Insights SCA
WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
 

Overview

 

Sample Customers

Information Not Available
Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
Find out what your peers are saying about Kiuwan Insights vs. Mend.io and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.