Mend is the #3 ranked solution in top Software Composition Analysis (SCA) tools
and #6 ranked solution in application security solutions
. PeerSpot users give Mend an average rating of 7.8 out of 10.
Mend is most commonly compared to SonarQube: Mend vs SonarQube
. Mend is popular among the large enterprise segment,
accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a
computer software company, accounting for 24% of all views.
Mend Buyer's Guide
Download the Mend Buyer's Guide including reviews and more. Updated: January 2023
What is Mend?
Mend is a software composition analysis tool that secures what developers create. The solution provides automated reduction of software attack surface, reduces developer burdens, and accelerates app delivery. Mend provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violations alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend has many valuable key features. Some of the most useful ones include:
- Vulnerability analysis
- Automated remediation
- Seamless integration
- Business prioritization
- Limitless scalability
- Intuitive interface
- Language support
- Continuous monitoring
- Remediation suggestions
There are many benefits to implementing Mend. Some of the biggest advantages the solution offers include:
Easy to use: The Mend platform is very user friendly and easy to set up.
Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
Static code analysis: With Mend’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
Broad support: Mend provides 27 different programming languages and various programming frameworks.
Easy integration: Mend makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
Unified developer experience: Mend has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
Mend was previously known as WhiteSource.
Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates