We performed a comparison between Invicti and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Its ability to crawl a web application is quite different than another similar scanner."
"Invicti is a good product, and its API testing is also good."
"The scanner and the result generator are valuable features for us."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The scanner is light on the network and does not impact the network when scans are running."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The overall support that we receive is pretty good. "
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The scanner itself should be improved because it is a little bit slow."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The solution needs to make a more specific report."
"Maybe the ability to make a good reporting format is needed."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
Invicti is ranked 20th in Application Security Tools with 25 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Invicti is rated 8.2, while Mend.io is rated 8.4. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Qualys Web Application Scanning, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode. See our Invicti vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.