Mend.io Reviews

Name: Mend.io
Brand: Mend.io
Rating: 4 (11 reviews)

Vendor: Mend.io

4.2 out of 5

11 reviews

724 followers

Post review

What is Mend.io?UNIXBusinessApplication
Price:

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

Get the Mend.io Buyer's Guide and find out what your peers are saying about Mend.io, SonarQube, Black Duck and more!

Helped 733,828 peers since 2012

Featured reviews

Jeffrey Harker

System Manager of Cloud Engineering at Common Spirit

May 12, 2022

Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Governance up until that time had been manual and when we tried to do manual governance of a large codebase, our chances of success were pretty minimal. Mend (formerly WhiteSource) does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release. We use Mend (formerly WhiteSource) Smart Fix. I’d say pretty much everything in Mend (formerly WhiteSource) is easy to use. We really don't have too much difficulty using the product at all. I've implemented other scanners and tools and had much more trouble with those products than we've ever had with Mend (formerly WhiteSource). That’s extremely important. It's hard to sell to some of these teams to put any level of overhead on top of their product development efforts and the fact that Mend (formerly WhiteSource) is as easy as it is to use is a critical aspect of adoption here. It scores very highly on that scale. Mend (formerly WhiteSource) Smart Fix helps our developers fix vulnerable transitive dependencies. It's all very helpful to our development community. First of all, we're able to find that there are issues. Second of all, we're able to figure out very quickly what needs to be done to remediate the issues. Mend (formerly WhiteSource) helped reduce our mean time to resolution since adopting it. A lot of it is process improvement and technical aspects that can tell us how to go about remediating the issues. We get that out of Mend (formerly WhiteSource). Making the developers aware that these issues are there and insisting they be corrected and making the effort to do that visibly is very valuable to us. Overall, Mend (formerly WhiteSource) helped dramatically reduce the number of open-source software vulnerabilities running in our production at any given point in time. I won't give metrics, however, it's fair to say that our state before and after Mend (formerly WhiteSource) is dramatically different and moved in a positive direction. Mend's ability to integrate our developer's existing workflows, including their IDE repository and CI is good. Azure DevOps is really important. That's what the pipelines are. That's a very important piece of the entire puzzle. If this was just an external scanner where periodically we'd go through and scan our repos and give them a report, we’d do that with pen testing products, for example, for security testing. The problem is, by the time they get those reports, they've already shipped the code to multiple environments and it's too late to stop the train. With these features being baked into the pipelines like this, they know immediately. As a result, we're able to quickly take action to remediate findings.

Read full review

Ben Dyer

Head of Software Engineering at a legal firm with 1,001-5,000 employees

May 10, 2022

If I had to choose one area of improvement, it would be to have the support system in one place. At the moment, all matters regarding support run through Salesforce SaaS solutions. I'm sure there are more improvements that can happen with WhiteSource’s IDE tool, however, it's still useful. We still have an open ticket regarding some slow scans since we have some fairly complex projects that take a long time to scan. That's been the only slightly negative experience with the tool and we work hard to try to fix it. WhiteSource is working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application. Although we are used to it, when filtering lists, we feel like we are using an application from the 1990s. It's my understanding that they have some improvements coming and I hope to take part in a trial for that. I've also recently looked at their SaaS tool. I've done a trial with it and at the moment it’s a separate product. I'd like to see all of the products merged into one, so that there would be one place to go for everything and all of the support, FaaS, SCA, and more.

Read full review

Shashidhar Gowda

Program and Portfolio Management at Acceldata

Mar 2, 2022

We did not have much security compliance implemented in our solutions. Whatever we did, we had to use the AWS built-in OWASP scanning, and we had to manually find out the versions of the open sources that fixed the issues of vulnerability. We then had to make sure that that updated version is sent in and code merged for a test. We found sometimes it took a lot of research to make sure that the version that we are upgrading to did fix the issue, et cetera. However, this is all manual research and is dependent on the knowledge of the developer or the engineer who did this work. It took time and did not ensure a high percentage of security compliance. With WhiteSource in place, we are going to be able to do the whole process automatically and it will be confident that we removed the vulnerabilities and license violations. We are saving time that we spent on resources because we no longer have to do it manually. We will now have confidence that there are not many errors made. We are able to do much more vulnerability fixing than we did manually, there are cost-savings, and less work involved.

Read full review

Pricing

Mend.io's pricing is seen as high by some, but others find it comparable to other tools or negotiable. Some customers feel that they are getting good value for what they pay, while others feel that the pricing could be improved. The licensing model for Mend.io requires a minimum of 20 developers.

ROI

Mend.io has resulted in various returns on investment for different companies. One company is saving 15 percent of their time and achieving a big financial gain, while also delivering safer products for their customers. Another company has seen an improvement in code quality and incident reaction. Some companies have seen a terrific ROI and rate the solution highly. However, there are also competitors in the space, and pricing may become a problem for Mend.io in the future. Additionally, the tool helps remove manual processes, which speeds up delivery and reduces costs in terms of compliance and risk avoidance. Overall, companies have seen a return on investment and expect to see it increase in the future through new sales and cross-sales.

Primary Use Case

Mend is primarily used for detecting and fixing vulnerabilities in products and delivering security reports during product releases. It covers license usage, license type, and CVE vulnerabilities. Mend is deployed on the AWS cloud and has multi-region enabled. It is used to automate software composition analysis, particularly for third-party and open-source software. Mend is also used for code analysis and management of open-source associated risks. It allows for scanning open-source libraries and checking for vulnerabilities and open-source licenses. Policies can be set to disallow risky open sources from being used in solutions. Mend's deployment is hybrid, with scans on-premise and the knowledge base on the cloud.

Valuable Features

M.io is valued for its ease of setup and integration with Git providers and IDEs. Its command line tool and plug-ins automate scans and allow for continuous integration. Mend.io's ability to identify and remediate open-source vulnerabilities and its integration with developer workflows are highly appreciated. Mend.io's UI and scanning for security threats fit well into workflows, making it valuable to Intellectual Property Councils. Its vulnerability analysis and license distribution analysis are useful features for legal firms. Mend.io's Smart Fix helps developers fix vulnerable transitive dependencies and reduces mean time to resolution. Its ability to integrate with existing workflows, including IDEs, repositories, and CI/CD pipelines, is good. The dashboard view and the management view are also highly valued. Overall, Mend.io helps reduce the number of open-source software vulnerabilities running in production and streamlines around 60% of the software development life cycle via automation, while the remaining 40% requires human intervention.

Room for Improvement

Improvements needed on Mend.io include better reporting with customizable reports, implementing a version number between product and projects, improving the UI, adding preconfigured policies, reducing visibility on the dashboard, supporting more package managers, improving automation to human involvement ratio, improving user management, adding support for C++ in Mend Prioritize, having a central support system, improving latency for remediated findings, changing the pricing model, supporting multiple SBOM formats, having builds fail if important vulnerabilities are found, improving database upgrading turnaround time and accuracy, including static analysis in the open-source version, providing on-premises service, simplifying the initial setup, and adding a code snippet part.

Initial Setup

The initial setup for Mend.io was generally straightforward and easy, with some minor configuration needed to meet specific company requirements. Deployment and maintenance are low, with only a few key staff involved in the process. Implementation takes a few days, with minimal maintenance needed afterward. Overall, it was considered a simple and efficient process.

Scalability

The Mend.io solution is highly scalable, with users from multiple departments and locations, and the ability to handle increased usage without performance issues. One user had some difficulties with a large codebase but is working with the vendor to resolve the issue. The solution is used by a range of organizations, from those with only a few users to those with hundreds. Scalability is crucial for this type of software and is a prerequisite for a SaaS-based solution.

Customer Service and Support

Customers generally have positive feedback about Mend's customer service and support. They highlight the efficiency, responsiveness, and knowledgeability of the support team. Some customers also appreciate the option of having a dedicated customer support manager. However, some customers note that there may be room for improvement in terms of customer-friendliness and pricing compared to other solutions. Overall, customers rate Mend's support between seven and nine out of ten.

Stability

Overall, Mend.io is considered to be a highly stable solution with very few reported issues or downtime. While there have been a few minor hiccups in the past, these were swiftly resolved and did not impact the overall stability of the product. Users rate the stability of Mend.io very highly and consider it to be a dependable and reliable solution. Additionally, the solution is also scalable, meaning it can adapt to meet the changing needs of users over time.

Previous Solutions

Before switching to Mend.io, some companies had manual processes or tried using other tools to detect vulnerabilities, but they were not effective or efficient. Some companies switched to Mend.io for its proactive identification of vulnerabilities, immediate scanning of code, and ability to control releases. Other companies looked at various solutions before choosing Mend.io, and found it easier to use and more accurate than competitors like Black Duck. Some users also use multiple solutions, but Mend.io stands out for its legal guidance and ability to find unwanted license types.

Customer Service and Support rating

Mend.io has received overwhelmingly positive feedback regarding their customer service and support.

Deployment

The solution of Mend.io is being deployed in a mix of both public and private cloud environments. Some users are utilizing the public cloud deployment model, while others are opting for a private cloud setup. There does not seem to be a clear consensus on which deployment model is preferred, as both options have received positive feedback from reviewers.

Implementation Team

The implementation team for Mend.io seems to require very few people, with some users rolling out the solution themselves and others using only one person for deployment. Sales engineers were involved in some cases, but for CI/CD integration, a consultant was required. The team size varied between cases, with one user having only four people on their team.

Pricing

ROI

Primary Use Case

Valuable Features

Room for Improvement

Initial Setup

Scalability

Customer Service and Support

Stability

Previous Solutions

Customer Service and Support rating

Mend.io has received overwhelmingly positive feedback regarding their customer service and support.

Deployment

Implementation Team

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Mend.io Buyer's Guide for additional reliable information.

Learn more about Mend.io

Mend.io Features

Mend.io has many valuable key features. Some of the most useful ones include:

Vulnerability analysis
Automated remediation
Seamless integration
Business prioritization
Limitless scalability
Intuitive interface
Language support
Integration
Continuous monitoring
Remediation suggestions
Customization

Mend.io Benefits

There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

Easy to use: The Mend.io platform is very user-friendly and easy to set up.

Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.

Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.

Broad support: Mend.io provides 27 different programming languages and various programming frameworks.

Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.

Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.

Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Mend.io was previously known as WhiteSource, Mend SCA.

Mend.io is the #3 ranked solution in top Software Composition Analysis (SCA) tools and #5 ranked solution in application security solutions. PeerSpot users give Mend.io an average rating of 8.4 out of 10. Mend.io is most commonly compared to SonarQube: Mend.io vs SonarQube. Mend.io is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.