Try our new research platform with insights from 80,000+ expert users
Mend.io Logo

Mend.io pros and cons

Vendor: Mend.io
4.2 out of 5
Badge Leader
645 followers
Start review

Pros & Cons summary

Mend.io offers scanning and classifying of third-party library licenses, ensuring policy compliance and risk identification with inventory and reporting features. Its open-source licensing analysis aids vulnerability resolution and supports various integrations. However, enhancements are needed in ACL, role definitions, pipeline blocking in Azure DevOps, container scanning, package manager support, and report generation efficiency for broader organizational benefits.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Mend.io enables scanning and collecting of third-party libraries to classify license types, ensuring compliance with third-party software policies.
The inventory feature compiles a list of all third-party libraries used, assisting in management and compliance.
Its vulnerability analysis and reporting capabilities help in identifying security threats promptly and efficiently.
Mend.io supports quick integration and setup, which allows organizations to rapidly start using its scanning capabilities.
The tool offers comprehensive open-source licensing analysis and provides automated reports for better decision-making.

CONS

Needs better ACL and more role definitions for large organizations.
Integration with ID and Shift Left is necessary to allow developers to see scan results without build failure.
Initial setup process could be simplified for users.
Turnaround time for upgrading databases and accuracy needs improvement.
Mend.io should support multiple SBOM formats to align with industry standards.
 

Mend.io Pros review quotes

meetharoon - PeerSpot reviewer
Nov 28, 2024
Mend.io is very robust in terms of managing third-party dependencies.
Read full review
Jeffrey Harker - PeerSpot reviewer
May 12, 2022
We set the solution up and enabled it and we had everything running pretty quickly.
Read full review
Ben Dyer - PeerSpot reviewer
May 10, 2022
WhiteSource helped reduce our mean time to resolution since the adoption of the product.
Read full review
Buyer's Guide
Mend.io
April 2025
Free Report: Mend.io Reviews and More
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
850,900 professionals have used our research since 2012.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
Read full review
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.
Read full review
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The vulnerability analysis is the best aspect of the solution.
Read full review
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.
Read full review
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
Read full review
SM
Sep 26, 2023
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
Read full review
it_user832698 - PeerSpot reviewer
Mar 7, 2018
The overall support that we receive is pretty good. ​
Read full review
Show 10 more reviews (out of 29)
 

Mend.io Cons review quotes

meetharoon - PeerSpot reviewer
Nov 28, 2024
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
Read full review
Jeffrey Harker - PeerSpot reviewer
May 12, 2022
At times, the latency of getting items out of the findings after they're remediated is higher than it should be.
Read full review
Ben Dyer - PeerSpot reviewer
May 10, 2022
They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.
Read full review
Buyer's Guide
Mend.io
April 2025
Free Report: Mend.io Reviews and More
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
850,900 professionals have used our research since 2012.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.
Read full review
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.
Read full review
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The only thing that I don't find support for on Mend Prioritize is C++.
Read full review
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.
Read full review
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.
Read full review
SM
Sep 26, 2023
I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.
Read full review
it_user832698 - PeerSpot reviewer
Mar 7, 2018
Make the product available in a very stable way for other web browsers.
Read full review
Show 10 more reviews (out of 29)

Product Categories

Product Categories
Software Composition Analysis (SCA)
Application Security Tools
Static Code Analysis
Software Supply Chain Security

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Mend.io Logo
SonarQube Server (formerly SonarQube) vs Mend.io
GitLab vs Mend.io Logo
GitLab vs Mend.io
Snyk vs Mend.io Logo
Snyk vs Mend.io
Checkmarx One vs Mend.io Logo
Checkmarx One vs Mend.io
Veracode vs Mend.io Logo
Veracode vs Mend.io
Black Duck vs Mend.io Logo
Black Duck vs Mend.io
Fortify on Demand vs Mend.io Logo
Fortify on Demand vs Mend.io
GitHub Advanced Security vs Mend.io Logo
GitHub Advanced Security vs Mend.io
JFrog Xray vs Mend.io Logo
JFrog Xray vs Mend.io
Sonatype Lifecycle vs Mend.io Logo
Sonatype Lifecycle vs Mend.io
Fortify Static Code Analyzer vs Mend.io Logo
Fortify Static Code Analyzer vs Mend.io
Aqua Cloud Security Platform vs Mend.io Logo
Aqua Cloud Security Platform vs Mend.io
HCL AppScan vs Mend.io Logo
HCL AppScan vs Mend.io
PortSwigger Burp Suite Professional vs Mend.io Logo
PortSwigger Burp Suite Professional vs Mend.io
Qualys Web Application Scanning vs Mend.io Logo
Qualys Web Application Scanning vs Mend.io
See all alternatives

Product Categories

Product Categories
Software Composition Analysis (SCA)
Application Security Tools
Static Code Analysis
Software Supply Chain Security

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Mend.io Logo
SonarQube Server (formerly SonarQube) vs Mend.io
GitLab vs Mend.io Logo
GitLab vs Mend.io
Snyk vs Mend.io Logo
Snyk vs Mend.io
Checkmarx One vs Mend.io Logo
Checkmarx One vs Mend.io
Veracode vs Mend.io Logo
Veracode vs Mend.io
Black Duck vs Mend.io Logo
Black Duck vs Mend.io
Fortify on Demand vs Mend.io Logo
Fortify on Demand vs Mend.io
GitHub Advanced Security vs Mend.io Logo
GitHub Advanced Security vs Mend.io
JFrog Xray vs Mend.io Logo
JFrog Xray vs Mend.io
Sonatype Lifecycle vs Mend.io Logo
Sonatype Lifecycle vs Mend.io
Fortify Static Code Analyzer vs Mend.io Logo
Fortify Static Code Analyzer vs Mend.io
Aqua Cloud Security Platform vs Mend.io Logo
Aqua Cloud Security Platform vs Mend.io
HCL AppScan vs Mend.io Logo
HCL AppScan vs Mend.io
PortSwigger Burp Suite Professional vs Mend.io Logo
PortSwigger Burp Suite Professional vs Mend.io
Qualys Web Application Scanning vs Mend.io Logo
Qualys Web Application Scanning vs Mend.io
See all alternatives
Related questions
  • 4
How does Camunda Platform compare with Apache Airflow?
  • 29
How does WhiteSource compare with SonarQube?
  • 387
How does WhiteSource compare with Black Duck?
  • 67
What tools do you rely on for building a DevSecOps pipeline?
  • 53
What alternatives are there for Fortify WebInspect and Fortify SCA?
  • 50
What is the best way to track open-source license compatibility?
  • 64
How long does SCA scanning take?
  • 131
Why is Software Composition Analysis (SCA) important for companies?
  • 104
Differences between Black Duck & Veracode
  • 17
What SCA solution do you recommend?