Mend Reviews

To my knowledge, we are using the latest, SaaS, version. 

The solution boasts a broad range of features and covers much of what an ideal SCA tool should. It covers the containers. One can create his teams and, should he encounter an issue, send an alert to the team's DL. 

I am quite happy with WhiteSource. It is very good and provides many things, including extensive reports involving vulnerabilities. 

I am not clear if WhiteSource provides on-premises service. I know that its competitors provide on-premises and SaaS-based services for the same licensing fee and model, but I am not sure if this applies to WhiteSource, as well. I believe it does not. 

It is preferable to use on-cloud services, although on-premises one should equally be an option, if I would prefer to not go for SaaS-based hosting. The licensing model should be the same for the different options. 

The initial setup could be simplified. 

I have been using WhiteSource for more than a year. 

The solution is very stable. 

It is a preferequisite that the solution is scalable, as it is SaaS-based. 

I have not had experience with customer support. 

The initial setup was of an intermediate complexity. It was neither complex, nor straightforward. It could have been easier. Understandably, it involved a certain amount of configuration. 

I cannot comment on billing, as this was handled by other departments in my previous organization. 

As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using. 

The reason I logged into the IT Central Station web site is because I was looking for crisp documentation so that I may compare WhiteSource with Black Duck. I did not find what I was looking for. All I found was a conglomerate of user experiences, not the research reports I was searching for.

I am currently using both of these products.

I rate Whitesource as an eight out of ten. 

We use WhiteSource for scanning open source libraries called SCA and both the vulnerabilities and open source licenses. We deployed WhiteSource with Azure DevOps.

WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.

WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.

I have been using WhiteSource for a few years.

WhiteSource is a stable solution.

We have approximately 20 people using this solution in my organization.

I have not used technical support.

I have previously used other solutions, such as OWASP Dependency-Check, Snyk open-source, and CheckMark

The initial setup of WhiteSource is straightforward.

We did the deployment of the solution ourselves. We used one person for the deployment.

We have received a return on investment.

WhiteSource is a free solution to use.

We evaluated other solutions before choosing WhiteSource. We ended up choosing WhiteSource because of some of its unique features.

I rate WhiteSource a seven out of ten.

The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business. 

The turnaround time for upgrading databases for this tool as well as the accuracy could be improved. 

It would be good if containerization could be included under the current licensing but this is not something I have looked into.

I have been using this solution for four years.

This is a stable solution.

This is a scalable solution. 

This solution offers good support which we have used multiple times. 

Positive

The initial setup of this solution was straightforward and easy.

This is an expensive solution. 

When setting up this solution, it is important to have clear cut planning and to define the automation rules. 

I would recommend using WhiteSource. It has an edge over other tools in the market and is a faster solution. 

WhiteSource is easy to integrate with the CICD pipeline and runs standalone scans as it is a SaaS deployment. Integration of this solution does not require much time or knowledge. 

I would rate this solution a nine out of ten. 

I use the solution for free and open source scanning. 

The solution lacks the code snippet part. I plan to raise this issue with those at WhiteSource.

I have been using WhiteSource for more than a year. 

The solution is scalable. 

The solution is stable. 

The technical support is good, although not the best. It could be more customer friendly. 

The initial setup was straightforward.

Installation took no more than five minutes. 

CI/CD integration required the use of a consultant. 

We did not require much technical team for this. The team consists of four people. 

The solution involves a yearly licensing fee. 

There were only two products at this point in time which we evaluated, the solution being one of these. We plan to reevaluate its use. 

The solution is only cloud-based, not on-premises. 

It is user-friendly. 

There are around 50 people currently using it in our organization. 

I rate WhiteSource as an eight out of ten. 

The integration with Azure DevOps was good.

The results and the dashboard they provide are good.

It was pretty straightforward for me.

I would like to see the static analysis included with the open-source version. That would be good.

I used the trial version of WhiteSource for a month. We chose to work with Veracode instead.

It's was pretty stable. I don't have any complaints about the stability of WhiteSource.

I did not have any contact with the technical support. I did not have any issues in the time that I used this solution.

It was approximately $2,000 per year or per month, I don't recall exactly.

When compared with Veracode, Veracode was very very expensive. It was approximately $200,000.00 per year for the whole Suite.

WhiteSource is much more affordable than Veracode.

We are evaluating Veracode.

It was pretty good. I would rate WhiteSource an eight out of ten.