No more typing reviews! Try our Samantha, our new voice AI agent.

Continuous Dynamic (formerly WhiteHat Dynamic) vs Mend.io comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Continuous Dynamic (formerl...
Average Rating
8.0
Number of Reviews
2
Ranking in other categories
Dynamic Application Security Testing (DAST) (12th)
Mend.io
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
34
Ranking in other categories
Application Security Tools (9th), Software Composition Analysis (SCA) (5th), Static Code Analysis (4th), Software Supply Chain Security (1st)
 

Mindshare comparison

Continuous Dynamic (formerly WhiteHat Dynamic) and Mend.io aren’t in the same category and serve different purposes. Continuous Dynamic (formerly WhiteHat Dynamic) is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 4.4%, up 2.6% compared to last year.
Mend.io, on the other hand, focuses on Software Composition Analysis (SCA), holds 4.7% mindshare, down 7.6% since last year.
Dynamic Application Security Testing (DAST) Mindshare Distribution
ProductMindshare (%)
Continuous Dynamic (formerly WhiteHat Dynamic)4.4%
Veracode14.5%
Checkmarx One14.2%
Other66.9%
Dynamic Application Security Testing (DAST)
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
Mend.io4.7%
Snyk11.1%
Black Duck SCA9.1%
Other75.1%
Software Composition Analysis (SCA)
 

Featured Reviews

it_user245412 - PeerSpot reviewer
Executive Vice President, Operations at a computer software company with 51-200 employees
The product and customer service is extremely efficient but I would like to see more research and code examples.
* The continuous online scanning capabilities and reporting features. * The SaaS product features accessible from a browser make managing our online systems easy. * The ability to review security items quickly along with being able to retest vulnerabilities on our schedule make the Sentinel product an invaluable tool for our company’s product security requirements.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Centralized security monitoring has reduced false positives and improves dependency governance
The only area for improvement I would say is that the false positives are nearly zero; everything is mostly like 99 to 99.99% or we can say 100% accurate. There were a few areas for improvement just from the last time I saw; I think the user experience had a little problem. We wanted to have certain reports based on our kind of scenario, but the tool did not allow us to create custom reports. We had asked for some facility and some ability for us to create some custom reports. That would be awesome if they allow us to create custom reports the way we wanted. There is one small area which I don't know whether we should call a tool limitation or a wish list; if I use a library and I don't use all the capabilities of the library but only a portion of it and that portion is not vulnerable, but there is a component which is outdated, that is a problem, even though I don't use that component. Mend.io will discover there is a problem in the whole library; that is correct. That's a valid discovery, but in my case, for example, if I don't use that particular portion, then it actually is not making sense for me, but that's not a limitation of Mend.io; I think that's a general problem with any tool in the market because no tool in the market will actually know what portion of the code I'm actually using from that particular library if it is vulnerable or not.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The SaaS product features accessible from a browser make managing our online systems easy."
"I would recommend using WhiteSource."
"Scanning and collecting third-party libraries and classifying license types ensures our third-party software policy is followed and that we’re not using forbidden libraries."
"I am quite happy with WhiteSource; it is very good and provides many things, including extensive reports involving vulnerabilities."
"Once we onboarded to Mend.io, we saw a drastic improvement in the way Mend.io reported the SCA findings."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"We moved from Black Duck to WhiteSource as it was a more modern and scalable solution, with better integration support to various build and source environments."
"The solution is only cloud-based, not on-premises; it is user-friendly."
 

Cons

"I would like to see more research and code examples for the vulnerabilities identified to better assist us with our remediation process."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"The only thing that I don't find support for on Mend Prioritize is C++, which they'll be working on since the product is under development."
"We wanted to have certain reports based on our kind of scenario, but the tool did not allow us to create custom reports."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"Up until now, we were convinced that the return of investment was not really the case."
"The UI is not that friendly and you need to learn how to navigate easily."
"I would like to see the static analysis included with the open-source version."
 

Pricing and Cost Advice

Information not available
"The solution involves a yearly licensing fee."
"Pricing is competitive."
"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
"The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
"Mend is costly but not overly expensive. The license was quite expensive this year, but we managed to negotiate the price down to the same as last year. At the same time, it's a good value. We're getting what we're paying for and still not using all the features. We could probably get more out of the tool and make it more valuable. At the moment, we don't have the capacity to do that."
"WhiteSource is much more affordable than Veracode."
"When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
904,146 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Healthcare Company
13%
Computer Software Company
12%
Construction Company
9%
Financial Services Firm
14%
Manufacturing Company
12%
Computer Software Company
11%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise21
 

Questions from the Community

Ask a question
Earn 20 points
How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What is your experience regarding pricing and costs for Mend.io?
Mend.io SCA offers a competitive pricing structure that is relatively affordable compared to similar solutions in the market. This makes it an attractive option for organizations looking to enhance...
 

Also Known As

Sentinel Dynamic, WhiteHat Security Application Security Testing, Synopsys WhiteHat Dynamic
WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
 

Overview

 

Sample Customers

Information Not Available
Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Dynamic Application Security Testing (DAST). Updated: July 2026.
904,146 professionals have used our research since 2012.