We performed a comparison between Mend.io and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."For us, the most valuable tool was open-source licensing analysis."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"The solution is scalable."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"Polyspace Code Prover is a very user-friendly tool."
"The outputs are very reliable."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"The product detects memory corruptions."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"The UI is not that friendly and you need to learn how to navigate easily."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"The tool has some stability issues."
"Using Code Prover on large applications crashes sometimes."
"Automation could be a challenge."
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Mend.io is rated 8.4, while Polyspace Code Prover is rated 7.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Parasoft SOAtest. See our Mend.io vs. Polyspace Code Prover report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.