Try our new research platform with insights from 80,000+ expert users

Mend.io pros and cons

Vendor: Mend.io

4.2 out of 5

33 reviews
96% willing to recommend

Pros & Cons summary

Mend.io streamlines scanning and managing third-party libraries, ensuring license compliance and offering detailed reporting with a single click. It enhances security through robust inventory management and vulnerability fixes, integrated seamlessly with CI/CD platforms like Azure. Though setup is easy, it needs more role definitions and better ACL for large organizations. Expanding code analysis features and improving container scanning could further strengthen it, alongside faster package manager updates.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Mend.io enables scanning and collecting third-party libraries, classifying license types, and ensuring third-party software policy compliance.

Its reporting capabilities allow generating open-source license reports with all copyright and license information, including dependencies, in a single click.

Mend.io offers fix suggestions for vulnerabilities, providing specific traces and the best remediation paths.

It features robust inventory management and identification of security vulnerabilities, enhancing overall business security.

Mend.io is easy to set up, making integration and scanning quick and convenient, with seamless CI/CD integration through platforms like Azure.

CONS

Needs better ACL and more role definitions to support large organizations effectively.

Mend.io's functionality could be expanded to include static and dynamic code analysis.

Integration with DevOps tools is complicated, and a lack of preconfigured policy templates results in tedious manual configurations.

Scanning container images and layers needs improvement, along with enhanced identification of library locations in the source code.

The current support for package managers is limited, requiring faster updates when needed.

Mend.io Pros review quotes

Director at a media company with 1,001-5,000 employees

Dec 18, 2017

Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.

Read full review

Head of Department for Software Engineering and Integration

Mar 7, 2018

The overall support that we receive is pretty good.

Read full review

DH

Technical Architect at Dwr Cymru Welsh Water

Sep 19, 2019

The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate.

Read full review

Free Report: Mend.io Reviews and More

Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

879,425 professionals have used our research since 2012.

reviewer1250700

Senior Productization Specialist at a tech services company with 51-200 employees

Dec 12, 2019

The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution.

Read full review

reviewer1250697

Works at a tech vendor with 1,001-5,000 employees

Dec 12, 2019

Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software.

Read full review

reviewer1255491

VP R&D at a tech services company with 11-50 employees

Dec 23, 2019

For us, the most valuable tool was open-source licensing analysis.

Read full review

AM

Founder & CEO at DealHub.io

May 28, 2020

Our dev team uses the fix suggestions feature to quickly find the best path for remediation.

Read full review

reviewer1257792

Co Founder at a consumer goods company with 11-50 employees

Jan 5, 2020

It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions.

Read full review

reviewer1264290

Project Manager at a wellness & fitness company with 11-50 employees

Jan 6, 2020

The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies.

Read full review

reviewer1261788

VP R&D at a computer software company with 51-200 employees

Jan 14, 2020

With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions.

Read full review

Show 10 more reviews (out of 32)

Mend.io Cons review quotes

Director at a media company with 1,001-5,000 employees

Dec 18, 2017

Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model.

Read full review

Head of Department for Software Engineering and Integration

Mar 7, 2018

Make the product available in a very stable way for other web browsers.

Read full review

DH

Technical Architect at Dwr Cymru Welsh Water

Sep 19, 2019

We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running.

Read full review

Free Report: Mend.io Reviews and More

Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

879,425 professionals have used our research since 2012.

reviewer1250700

Senior Productization Specialist at a tech services company with 51-200 employees

Dec 12, 2019

WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers.

Read full review

reviewer1250697

Works at a tech vendor with 1,001-5,000 employees

Dec 12, 2019

Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting.

Read full review

reviewer1255491

VP R&D at a tech services company with 11-50 employees

Dec 23, 2019

If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation.

Read full review

AM

Founder & CEO at DealHub.io

May 28, 2020

The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved.

Read full review

reviewer1257792

Co Founder at a consumer goods company with 11-50 employees

Jan 5, 2020

WhiteSource Prioritize should be expanded to cover more than Java and JavaScript.

Read full review

reviewer1264290

Project Manager at a wellness & fitness company with 11-50 employees

Jan 6, 2020

It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.

Read full review

reviewer1261788

VP R&D at a computer software company with 51-200 employees

Jan 14, 2020

The UI is not that friendly and you need to learn how to navigate easily.

Read full review

Show 10 more reviews (out of 32)

Related questions

8

How does Camunda Platform compare with Apache Airflow?

14

How does WhiteSource compare with SonarQube?

153

How does WhiteSource compare with Black Duck?

31

What tools do you rely on for building a DevSecOps pipeline?

20

What alternatives are there for Fortify WebInspect and Fortify SCA?

26

What is the best way to track open-source license compatibility?

51

How long does SCA scanning take?

212

Why is Software Composition Analysis (SCA) important for companies?

29

Differences between Black Duck & Veracode

16

What SCA solution do you recommend?