Pros & Cons summary

Prominent pros & cons

PROS

Mend.io excels in automating license management, allowing for quick identification of vulnerabilities and licensing issues in open-source dependencies.
It integrates seamlessly with CI/CD processes and offers robust reporting features, making it easy to track vulnerabilities and take corrective actions.
Extensive support for third-party dependency management and policy automation helps streamline open-source security efforts.
Fix suggestions and automated vulnerability notifications provide actionable insights, enhancing remediation processes and security measures.
Scalability and the ability to reduce open-source software vulnerabilities provide significant efficiency gains and peace of mind.

CONS

Initial setup could be simplified and made less tedious.
Reports sometimes take too long to generate, and better integration with compliance frameworks is needed.
AI integration in Mend.io is still immature, and high pricing is a concern.
Mend.io lacks support for some package managers that its users rely on.
Mend.io should provide preconfigured policies to save time on manual configurations.
 

Mend.io Pros review quotes

meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Dec 17, 2025
Once we onboarded to Mend.io, we saw a drastic improvement in the way Mend.io reported the SCA findings.
SM
Product Security Architect at a computer software company with 10,001+ employees
Jun 11, 2026
The home dashboard itself gives a very good analysis for Mend.io; this is not just for SCA, it is for SAST and container as well, and it gives entire analytics of how many vulnerabilities were found, how much was updated, and how much was fixed over the last three, six, and nine months.
reviewer1252050 - PeerSpot reviewer
VP at a tech vendor with 5,001-10,000 employees
Oct 27, 2025
The features I find most valuable in Mend.io are the ease of use; it is very easy to access and integrate.
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
899,283 professionals have used our research since 2012.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Nov 28, 2024
Mend.io is very robust in terms of managing third-party dependencies.
SR
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
Mend.io is a security tool that provides security feedback for all tests.
SM
Product Security Architect at a computer software company with 10,001+ employees
Sep 26, 2023
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
reviewer1928817 - PeerSpot reviewer
Sr. Manager at a financial services firm with 10,001+ employees
Jul 31, 2022
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.
reviewer2165991 - PeerSpot reviewer
Release Manager at a tech vendor with 501-1,000 employees
Apr 23, 2023
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
KW
Principal Security Engineer at Texthelp Ltd.
Jan 10, 2023
There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.
reviewer1915362 - PeerSpot reviewer
IT Service Manager at a wholesaler/distributor with 51-200 employees
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
 

Mend.io Cons review quotes

meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Dec 17, 2025
We wanted to have certain reports based on our kind of scenario, but the tool did not allow us to create custom reports.
SM
Product Security Architect at a computer software company with 10,001+ employees
Jun 11, 2026
For monitoring capabilities in Mend.io, I did not understand the maintenance part.
reviewer1252050 - PeerSpot reviewer
VP at a tech vendor with 5,001-10,000 employees
Oct 27, 2025
The tools need to bring down the pricing because software in SaaS or on-prem is becoming a more expensive affair.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Nov 28, 2024
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
SR
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
The main consideration is the cost. The products always have their maturity.
SM
Product Security Architect at a computer software company with 10,001+ employees
Sep 26, 2023
I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.
reviewer1928817 - PeerSpot reviewer
Sr. Manager at a financial services firm with 10,001+ employees
Jul 31, 2022
Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.
reviewer2165991 - PeerSpot reviewer
Release Manager at a tech vendor with 501-1,000 employees
Apr 23, 2023
On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.
KW
Principal Security Engineer at Texthelp Ltd.
Jan 10, 2023
Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.
reviewer1915362 - PeerSpot reviewer
IT Service Manager at a wholesaler/distributor with 51-200 employees
Jul 17, 2022
We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.