The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.
VP at a tech vendor with 5,001-10,000 employees
Provides the ability to identify security vulnerabilities and is fast and easy to implement
Pros and Cons
- "The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
- "The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
What is most valuable?
What needs improvement?
The turnaround time for upgrading databases for this tool as well as the accuracy could be improved.
It would be good if containerization could be included under the current licensing but this is not something I have looked into.
For how long have I used the solution?
I have been using this solution for four years.
What do I think about the stability of the solution?
This is a stable solution.
Buyer's Guide
Mend.io
December 2025
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
880,315 professionals have used our research since 2012.
What do I think about the scalability of the solution?
This is a scalable solution.
How are customer service and support?
This solution offers good support which we have used multiple times.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of this solution was straightforward and easy.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution.
When setting up this solution, it is important to have clear cut planning and to define the automation rules.
What other advice do I have?
I would recommend using WhiteSource. It has an edge over other tools in the market and is a faster solution.
WhiteSource is easy to integrate with the CICD pipeline and runs standalone scans as it is a SaaS deployment. Integration of this solution does not require much time or knowledge.
I would rate this solution a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Mend.io Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2025
Product Categories
Software Composition Analysis (SCA) Application Security Tools Static Code Analysis Software Supply Chain SecurityPopular Comparisons
SonarQube
Snyk
GitLab
Checkmarx One
Veracode
Black Duck SCA
CrowdStrike Falcon Cloud Security
JFrog Xray
GitHub Advanced Security
OpenText Core Application Security
Acunetix
Sonatype Lifecycle
PortSwigger Burp Suite Professional
Aqua Cloud Security Platform
HCL AppScan
Buyer's Guide
Download our free Mend.io Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Camunda Platform compare with Apache Airflow?
- How does WhiteSource compare with SonarQube?
- How does WhiteSource compare with Black Duck?
- What tools do you rely on for building a DevSecOps pipeline?
- What alternatives are there for Fortify WebInspect and Fortify SCA?
- What is the best way to track open-source license compatibility?
- How long does SCA scanning take?
- Why is Software Composition Analysis (SCA) important for companies?
- Differences between Black Duck & Veracode
- What SCA solution do you recommend?
