Try our new research platform with insights from 80,000+ expert users

Mend.io pros and cons

Vendor: Mend.io

4.2 out of 5

32 reviews
96% willing to recommend

Pros & Cons summary

Mend.io provides open-source licensing analysis and vulnerability management with seamless CI/CD integration. It identifies security risks like Log4j in third-party dependencies, offering real-time feedback and automated reporting for license compliance and vulnerability tracking. While Mend.io excels in ease of use and vulnerability analysis, it could improve SBOM integration, partner support, and C++ compatibility. Enhancing the automation-to-human ratio and reporting capabilities to include frameworks like CIS and NIST is recommended.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Mend.io provides robust open-source licensing analysis and fix suggestions that help teams quickly address vulnerabilities.

The platform offers automated reports and full visibility into component usage, enhancing security decision-making.

Mend.io integrates effectively across various systems, including CI/CD pipelines, providing seamless operation.

Mend.io is praised for its quick setup time, allowing organizations to establish their scanning operations swiftly.

The ability to manage third-party dependencies and perform inventory management is highly valued by users.

CONS

Mend.io should improve partner relationship support, as the process is not streamlined when purchasing through a reseller.

Mend.io needs better integration with ID and Shift Left to allow developers to see scan results promptly.

The initial setup of Mend.io could be simplified for easier onboarding.

The current lack of multiple SBOM formats support hinders integration with older industry standards.

Mend.io requires improvements in scanning containers and images, particularly in distinguishing layers.

Mend.io Pros review quotes

CEO at a computer software company with 10,001+ employees

Nov 28, 2024

Mend.io is very robust in terms of managing third-party dependencies.

Read full review

System Manager of Cloud Engineering at Common Spirit

May 12, 2022

We set the solution up and enabled it and we had everything running pretty quickly.

Read full review

Head of Software Engineering at a legal firm with 1,001-5,000 employees

May 10, 2022

WhiteSource helped reduce our mean time to resolution since the adoption of the product.

Read full review

Free Report: Mend.io Reviews and More

Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.

872,846 professionals have used our research since 2012.

reviewer1915362

IT Service Manager at a wholesaler/distributor with 51-200 employees

Jul 17, 2022

I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.

Read full review

Shashidhar Gowda

Program and Portfolio Management at Acceldata

Mar 2, 2022

We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.

Read full review

Intramural OfficialIntramural at Northeastern University

Jul 6, 2022

The vulnerability analysis is the best aspect of the solution.

Read full review

reviewer1928817

Sr. Manager at a financial services firm with 10,001+ employees

Jul 31, 2022

Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.

Read full review

reviewer2165991

Release Manager at Ping Identity

Apr 23, 2023

What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.

Read full review

SM

Product Security Architect at Pitney Bowes Inc.

Sep 26, 2023

The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.

Read full review

Head of Department for Software Engineering and Integration

Mar 7, 2018

The overall support that we receive is pretty good.

Read full review

Show 10 more reviews (out of 31)

Mend.io Cons review quotes

CEO at a computer software company with 10,001+ employees

Nov 28, 2024

AI integration in code security tools like Mend.io is still in its early stages and relatively immature.

Read full review

System Manager of Cloud Engineering at Common Spirit

May 12, 2022

At times, the latency of getting items out of the findings after they're remediated is higher than it should be.

Read full review

Head of Software Engineering at a legal firm with 1,001-5,000 employees

May 10, 2022

They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.

Read full review

Free Report: Mend.io Reviews and More

Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.

872,846 professionals have used our research since 2012.

reviewer1915362

IT Service Manager at a wholesaler/distributor with 51-200 employees

Jul 17, 2022

We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.

Read full review

Shashidhar Gowda

Program and Portfolio Management at Acceldata

Mar 2, 2022

I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.

Read full review

Intramural OfficialIntramural at Northeastern University

Jul 6, 2022

The only thing that I don't find support for on Mend Prioritize is C++.

Read full review

reviewer1928817

Sr. Manager at a financial services firm with 10,001+ employees

Jul 31, 2022

Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.

Read full review

reviewer2165991

Release Manager at Ping Identity

Apr 23, 2023

On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.

Read full review

SM

Product Security Architect at Pitney Bowes Inc.

Sep 26, 2023

I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.

Read full review

Head of Department for Software Engineering and Integration

Mar 7, 2018

Make the product available in a very stable way for other web browsers.

Read full review

Show 10 more reviews (out of 31)

Related questions

6

How does Camunda Platform compare with Apache Airflow?

17

How does WhiteSource compare with SonarQube?

190

How does WhiteSource compare with Black Duck?

28

What tools do you rely on for building a DevSecOps pipeline?

22

What alternatives are there for Fortify WebInspect and Fortify SCA?

30

What is the best way to track open-source license compatibility?

49

How long does SCA scanning take?

208

Why is Software Composition Analysis (SCA) important for companies?

40

Differences between Black Duck & Veracode

14

What SCA solution do you recommend?