Mend vs Snyk Comparison 2023

Read 27 Veracode reviews

41,100 views|24,342 comparisons

Mend

Read 13 Mend reviews

19,920 views|14,073 comparisons

Snyk

Read 12 Snyk reviews

35,843 views|26,458 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Mend vs. Snyk

March 2023

Executive Summary

Updated on May 24, 2022

We performed a comparison between Snyk and WhiteSource based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

Ease of Deployment: Reviewers agree that the installation of both solutions is a straightforward and easy process.

Features: Users of both products are happy with their stability and scalability. Snyk users say it integrates well, is easy to use, has good visibility, and is fully automated. A couple of Snyk users mention that they would like more flexibility when setting up notifications. WhiteSource users like its dashboard and management views and say it has good reporting and trace analysis. Several WhiteSource users mention that its UI needs to be improved.

Pricing: Snyk users say it is reasonably priced, whereas most WhiteSource users feel it is an expensive product.
ROI: Reviewers of both products report seeing an ROI.

Service and Support: Users of both solutions report being satisfied with the level of support they receive.

Comparison Results: Snyk is the winner in this comparison. It is high performing with a good UI. In addition, it has excellent customer support and its users feel that it is reasonably priced.

To learn more, read our detailed Mend vs. Snyk Report (Updated: March 2023).

Download the complete report

685,707 professionals have used our research since 2012.

Featured Review

Daniel Krivda

DevOps Engineer at a insurance company

Researched Mend but chose Veracode: Provides us with an understanding of security bugs and security holes in our software

The possibility to integrate Azure is very valuable because you can have every build integrated into the content integration pipeline. So, you can... Read more →

Kevin Dsouza

Intramural OfficialIntramural at Northeastern University

Easy to set up with vulnerability analysis and is reliable

UmarQureshi

Security Lead at a retailer

Developer-friendly with many useful features in the works, but lacks in language and framework coverage

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode.""Good static analysis and dynamic analysis.""The Veracode technical support is very good. They are responsive and very knowledgeable.""The solution can scan old databases and old code written 20 years back.""Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful.""You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.""I like the sandbox, the ability to upload compiled code, and how easy it is.""The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."

More Veracode Pros →

"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.""WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.""I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.""The solution is scalable.""The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.""The solution boasts a broad range of features and covers much of what an ideal SCA tool should.""The vulnerability analysis is the best aspect of the solution."

More Mend Pros →

"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best.""The code scans on the source code itself were valuable.""Snyk is a developer-friendly product.""The solution has great features and is quite stable.""It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones.""Our customers find container scans most valuable. They are always talking about it.""I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST.""A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."

More Snyk Pros →

Cons

"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking.""Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part.""The product has issues with scanning.""The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary.""Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode.""There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."

More Veracode Cons →

"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.""We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.""The initial setup could be simplified.""WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""It should support multiple SBOM formats to be able to integrate with old industry standards.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be."

More Mend Cons →

"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good.""The solution could improve the reports. They have been working on improving the reports but more work could be done.""Compatibility with other products would be great.""Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release.""The log export function could be easier when shipping logs to other platforms such as Splunk.""It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front.""The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve""Basically the licensing costs are a little bit expensive."

More Snyk Cons →

Pricing and Cost Advice

"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."

"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."

"It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."

"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."

"There is a fee to scale up the solution which I consider expensive."

"I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."

"I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."

"There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."

More Veracode Pricing and Cost Advice →

"The solution involves a yearly licensing fee."

"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."

"WhiteSource is much more affordable than Veracode."

"This is an expensive solution."

"When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."

"We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."

"Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."

More Mend Pricing and Cost Advice →

"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."

"It is pretty expensive. It is not a cheap product."

"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."

"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."

"We are using the open-source version for the scans."

"Cost-wise, it's similar to Veracode, but I don't know the exact cost."

"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."

"The price of the solution is expensive compared to other solutions."

More Snyk Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See Recommendations

685,707 professionals have used our research since 2012.

Questions from the Community

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The user interface is excellent, the code review process is quick and provides great analytics to understand our code… more »

Read all 72 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as… more »

Read all 42 answers →

How does WhiteSource compare with SonarQube?

Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This… more »

How does WhiteSource compare with Black Duck?

Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is… more »

What do you like most about WhiteSource?

Top Answer:The license management of WhiteSource was at a good level. As compared to other tools that I have used, its… more »

Read all 11 answers →

How does Snyk compare with SonarQube?

Top Answer:Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to… more »

What do you like most about Snyk?

Top Answer:It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a… more »

Read all 16 answers →

What needs improvement with Snyk?

Top Answer:We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even… more »

Read all 16 answers →

Comparisons

SonarQube vs. Veracode

Compared 37% of the time.

Checkmarx vs. Veracode

Compared 14% of the time.

Micro Focus Fortify on Demand vs. Veracode

Compared 7% of the time.

OWASP Zap vs. Veracode

Compared 5% of the time.

Fortify WebInspect vs. Veracode

Compared 2% of the time.

More Veracode Competitors →

+ Add more products to compare

SonarQube vs. Mend

Compared 20% of the time.

Black Duck vs. Mend

Compared 19% of the time.

Checkmarx vs. Mend

Compared 5% of the time.

Sonatype Nexus Lifecycle vs. Mend

Compared 5% of the time.

JFrog Xray vs. Mend

Compared 4% of the time.

More Mend Competitors →

+ Add more products to compare

SonarQube vs. Snyk

Compared 27% of the time.

Black Duck vs. Snyk

Compared 11% of the time.

Checkmarx vs. Snyk

Compared 5% of the time.

Prisma Cloud by Palo Alto Networks vs. Snyk

Compared 5% of the time.

FOSSA vs. Snyk

Compared 2% of the time.

More Snyk Competitors →

+ Add more products to compare

Also Known As

WhiteSource

Learn More

Veracode

Mend

Snyk

Overview

Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

Mend is a software composition analysis tool that secures what developers create. The solution provides automated reduction of software attack surface, reduces developer burdens, and accelerates app delivery. Mend provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violations alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend reduce enterprise application security risk, it also helps developers meet deadlines faster.

Mend Features

Mend has many valuable key features. Some of the most useful ones include:

Vulnerability analysis
Automated remediation
Seamless integration
Business prioritization
Limitless scalability
Intuitive interface
Language support
Integration
Continuous monitoring
Remediation suggestions
Customization

Mend Benefits

There are many benefits to implementing Mend. Some of the biggest advantages the solution offers include:

Easy to use: The Mend platform is very user friendly and easy to set up.

Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.

Static code analysis: With Mend’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.

Broad support: Mend provides 27 different programming languages and various programming frameworks.

Easy integration: Mend makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.

Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.

Unified developer experience: Mend has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Offer

Keep your software secure

Find out more

Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

Learn more about Mend

Learn More

Learn more about Snyk

Learn More

Sample Customers

State of Missouri, Rekner

Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief

Top Industries

REVIEWERS

Financial Services Firm31%

Computer Software Company11%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Computer Software Company19%

Financial Services Firm16%

Comms Service Provider8%

Manufacturing Company7%

REVIEWERS

Computer Software Company33%

Financial Services Firm11%

Wholesaler/Distributor6%

Energy/Utilities Company6%

VISITORS READING REVIEWS

Computer Software Company22%

Financial Services Firm13%

Comms Service Provider8%

Manufacturing Company7%

REVIEWERS

Financial Services Firm20%

Computer Software Company20%

Individual & Family Service10%

Comms Service Provider10%

VISITORS READING REVIEWS

Computer Software Company19%

Financial Services Firm12%

Comms Service Provider7%

Insurance Company6%

Company Size

REVIEWERS

Small Business25%

Midsize Enterprise22%

Large Enterprise52%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise12%

Large Enterprise71%

REVIEWERS

Small Business35%

Midsize Enterprise8%

Large Enterprise58%

VISITORS READING REVIEWS

Small Business19%

Midsize Enterprise13%

Large Enterprise68%

REVIEWERS

Small Business39%

Midsize Enterprise32%

Large Enterprise29%

VISITORS READING REVIEWS

Small Business22%

Midsize Enterprise14%

Large Enterprise64%

Buyer's Guide

Mend vs. Snyk

March 2023

Free Report: Mend vs. Snyk

Find out what your peers are saying about Mend vs. Snyk and other solutions. Updated: March 2023.

DOWNLOAD NOW

685,707 professionals have used our research since 2012.

Mend is ranked 4th in Software Composition Analysis (SCA) with 13 reviews while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 12 reviews. Mend is rated 8.2, while Snyk is rated 8.0. The top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Snyk writes "Does a good analysis from the licensing and open-source perspective, but the UI, reporting, and scanning should be better". Mend is most compared with SonarQube, Black Duck, Checkmarx, Sonatype Nexus Lifecycle and JFrog Xray, whereas Snyk is most compared with SonarQube, Black Duck, Checkmarx, Prisma Cloud by Palo Alto Networks and FOSSA. See our Mend vs. Snyk report.

See our list of best Software Composition Analysis (SCA) vendors and best Application Security Tools vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Mend vs Snyk comparison

Veracode

Mend

Snyk