
Mend.io pros and cons

Vendor: Mend.io
4.2 out of 5

Pros & Cons summary


Prominent pros & cons

PROS

Mend.io enables scanning and collecting of third-party libraries, classifying license types to ensure compliance with software policies.
Its reporting and license management features allow users to generate open-source license reports, providing full visibility into licensing and vulnerabilities.
The fix suggestions feature helps users trace vulnerabilities in code and provides remediation paths to resolve issues efficiently.
Mend.io supports multiple integrations, including CI/CD pipelines through platforms like Azure, ensuring seamless operation for development teams.
Mend.io contributes to reducing open-source software vulnerabilities and speeds up resolution times, enhancing overall security management.

CONS

Mend.io requires better access control lists and more role definitions to effectively support large organizations.
It lacks the ability to perform dynamic code analysis, which limits its functionality in certain areas.
There is a need for improved container and image scanning, specifically in distinguishing layers.
Partner relationship support is confusing and needs streamlining, especially when buying through resellers.
The initial setup of Mend.io can be complicated and should be simplified for a better user experience.
 

Mend.io Pros review quotes

meetharoon - PeerSpot reviewer
Nov 28, 2024
Mend.io is very robust in terms of managing third-party dependencies.
Jeffrey Harker - PeerSpot reviewer
May 12, 2022
We set the solution up and enabled it and we had everything running pretty quickly.
Ben Dyer - PeerSpot reviewer
May 10, 2022
WhiteSource helped reduce our mean time to resolution since the adoption of the product.
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The vulnerability analysis is the best aspect of the solution.
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
SM
Sep 26, 2023
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
it_user832698 - PeerSpot reviewer
Mar 7, 2018
The overall support that we receive is pretty good.
 

Mend.io Cons review quotes

meetharoon - PeerSpot reviewer
Nov 28, 2024
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
Jeffrey Harker - PeerSpot reviewer
May 12, 2022
At times, the latency of getting items out of the findings after they're remediated is higher than it should be.
Ben Dyer - PeerSpot reviewer
May 10, 2022
They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The only thing that I don't find support for on Mend Prioritize is C++.
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.
SM
Sep 26, 2023
I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.
it_user832698 - PeerSpot reviewer
Mar 7, 2018
Make the product available in a very stable way for other web browsers.