Mend.io Reviews

Name: Mend.io
Brand: Mend.io
Rating: 4.2 (30 reviews)

Vendor: Mend.io

4.2 out of 5

30 reviews
96% willing to recommend

654 followers

Start review

What is Mend.io?

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

Get the Mend.io Buyer's Guide and find out what your peers are saying about Mend.io, SonarQube Server (formerly SonarQube), GitLab and more!

Mend.io is the #2 ranked solution in top Software Supply Chain Security solutions, #4 ranked solution in top Static Code Analysis solutions, #6 ranked solution in top Software Composition Analysis (SCA) solutions, and #17 ranked solution in application security solutions. PeerSpot users give Mend.io an average rating of 8.4 out of 10. Mend.io is most commonly compared to SonarQube Server (formerly SonarQube): Mend.io vs SonarQube Server (formerly SonarQube). Mend.io is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.

Helped 850,747 peers since 2012

Featured Mend.io reviews

meetharoon

CEO at a computer software company with 10,001+ employees

We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.

Read full review

Jeffrey Harker

System Manager of Cloud Engineering at Common Spirit

Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Governance up until that time had been manual and when we tried to do manual governance of a large codebase, our chances of success were pretty minimal. Mend (formerly WhiteSource) does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release. We use Mend (formerly WhiteSource) Smart Fix. I’d say pretty much everything in Mend (formerly WhiteSource) is easy to use. We really don't have too much difficulty using the product at all. I've implemented other scanners and tools and had much more trouble with those products than we've ever had with Mend (formerly WhiteSource). That’s extremely important. It's hard to sell to some of these teams to put any level of overhead on top of their product development efforts and the fact that Mend (formerly WhiteSource) is as easy as it is to use is a critical aspect of adoption here. It scores very highly on that scale. Mend (formerly WhiteSource) Smart Fix helps our developers fix vulnerable transitive dependencies. It's all very helpful to our development community. First of all, we're able to find that there are issues. Second of all, we're able to figure out very quickly what needs to be done to remediate the issues. Mend (formerly WhiteSource) helped reduce our mean time to resolution since adopting it. A lot of it is process improvement and technical aspects that can tell us how to go about remediating the issues. We get that out of Mend (formerly WhiteSource). Making the developers aware that these issues are there and insisting they be corrected and making the effort to do that visibly is very valuable to us. Overall, Mend (formerly WhiteSource) helped dramatically reduce the number of open-source software vulnerabilities running in our production at any given point in time. I won't give metrics, however, it's fair to say that our state before and after Mend (formerly WhiteSource) is dramatically different and moved in a positive direction. Mend's ability to integrate our developer's existing workflows, including their IDE repository and CI is good. Azure DevOps is really important. That's what the pipelines are. That's a very important piece of the entire puzzle. If this was just an external scanner where periodically we'd go through and scan our repos and give them a report, we’d do that with pen testing products, for example, for security testing. The problem is, by the time they get those reports, they've already shipped the code to multiple environments and it's too late to stop the train. With these features being baked into the pipelines like this, they know immediately. As a result, we're able to quickly take action to remediate findings.

Read full review

Kevin Dsouza

Intramural OfficialIntramural at Northeastern University

All applications in the world that are created have room for improvement. Within Mend itself, there’s Mend Prioritize, which prioritizes the vulnerability automatically by itself with relevance to our application. Mend Prioritize has support for five or six languages right now, including JavaScript, C, and C#. The only thing that I don't find support for on Mend Prioritize is C++, which they'll be working on since the product is under development. Once that's done, we can also add it into Mend Prioritize for our weekly scans, which will help us with our analysis and efforts for remediation. It's everything we need right now. There's nothing as such that’s out of the world that they should do. We use it just for one thing and focus on that. Therefore, they should not do anything else. We're fine with it as it is.

Read full review

Mend.io mindshare

Product category:

As of May 2025, the mindshare of Mend.io in the Software Composition Analysis (SCA) category stands at 7.8%, down from 8.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

PeerResearch reports based on Mend.io reviews

Type	Title	Date
Category	Software Composition Analysis (SCA)	May 10, 2025	Download
Product	Reviews, tips, and advice from real users	May 10, 2025	Download
Comparison	Mend.io vs Black Duck	May 10, 2025	Download
Comparison	Mend.io vs Veracode	May 10, 2025	Download
Comparison	Mend.io vs Snyk	May 10, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	N/A	81%	114 interviews Add to research
GitLab	4.3	4.4%	97%	84 interviews Add to research

Valuable Features

Mend.io users value its ability to scan and detect vulnerabilities in open-source dependencies, manage licenses and copyrights, and provide comprehensive dashboards. The integration with continuous integration/continuous deployment tools enhances workflow. Features like fix suggestions, trace analysis, and policy automation improve remediation speed. The extensive support for languages and integration with developer tools is appreciated. Users find inventory management, license alerts, and vulnerability reports particularly useful, significantly enhancing their governance and compliance strategies.

"Mend.io is very robust in terms of managing third-party dependencies."
"Mend.io is very robust in terms of managing third-party dependencies."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."

Room for Improvement

Mend.io users suggest several improvements, focusing on notifications, role management, and user interface. Instability in certain browsers and communication issues with web browsers impact usability. Some users note challenges with container scanning and proxy support. Improved documentation and broader language support are requested. Automated features in continuous integration pipelines and enhanced report customization would be beneficial. Improved pricing flexibility for smaller teams and modernized visual design could enhance overall satisfaction.

"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."
"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."

ROI

Mend.io leads to time savings, enhanced code quality, and reduced vulnerabilities, increasing security awareness. Users notice improved resource allocation and cost reduction through decreased manual efforts. While ROI calculation can be complex, many report returns through enhanced compliance and risk avoidance. Some highlight sixfold gains in new sales and cross-sales. The tool's contribution to avoiding security breaches adds unquantifiable value, with positive confirmation highlighted in multiple users' experiences. Challenges include assessing full coverage.

Pricing

Mend.io's pricing for enterprise buyers varies, with some users highlighting competitive and transparent models, especially for contributing developers. There are flat rates that don't charge per language or run, offering predictability in costs. However, smaller startups may find the minimum license for 20 developers costly. While Mend.io provides good value and negotiable rates, some perceive it expensive with room for improvement in flexibility. The solution's setup costs are generally considered reasonable, offering scalability.

"It is fairly priced."
"Over the last two years, they have tried to add more and more features to their license packages, but the price is a little bit high, comparatively."
"Mend is costly but not overly expensive. The license was quite expensive this year, but we managed to negotiate the price down to the same as last year. At the same time, it's a good value. We're getting what we're paying for and still not using all the features. We could probably get more out of the tool and make it more valuable. At the moment, we don't have the capacity to do that."

Popular Use Cases

Mend.io is primarily used for identifying third-party and open-source libraries to assess vulnerabilities and manage licensing risks. Users integrate it with development pipelines, enabling automated scans and licensing compliance in environments like Azure, Jenkins, and GitHub. It facilitates vulnerability detection, compliance reporting, and automated issue management on platforms like JIRA. Users across varied industries use it to ensure open-source governance and maintain security and legality standards in software development.

Service and Support

Mend.io's customer service is highly rated, scoring between eight and nine out of ten. Users highlight prompt and reactive responses, regular engagements, and knowledgeable support staff. They appreciate the timely handling of issues, effective communication through shared channels, and comprehensive technical knowledge. While some find certain aspects average or confusing, the general consensus is positive, praising the responsiveness and efficiency of Mend.io's support, particularly in dealing with technical challenges and maintaining strong client relationships.

Deployment

Many found Mend.io's initial setup straightforward, with some completing it in under an hour. They appreciated its documentation and supportive customer service. Some noted minor complexities, especially with integration and configuration, yet found it manageable with guidance. Others highlighted ease with cloud deployment, though they mentioned the need for periodic adjustments. The tool's simplicity in connecting repositories was acknowledged, with varied experiences in scan times and maintenance based on company needs.

Scalability

Mend.io exhibits strong scalability with no major issues reported. Organizations handle numerous projects and deployments, with Mend.io reliably managing extensive codebases and a significant number of users worldwide. Some challenges are noted with handling large lists or complex codebases, prompting improvements. The platform is adaptable to integration with various tools and environments. Scalability is supported by its SaaS nature, effectively managing performance even with increasing usage and demands.

Stability

Users find Mend.io generally stable, although some encounters with Internet Explorer and occasional feature issues cause concern. Most describe it as solid, with rare occurrences of downtime. Mend.io shows stability improvement, with users noting swift resolutions to past hiccups. Some mention slowness or pipeline integration limitations, yet appreciate its reliability. While occasional criticism arises, Mend.io's stability is viewed positively, especially when used with browsers like Chrome or Firefox.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Mend.io Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

12%

Insurance Company

Energy/Utilities Company

Healthcare Company

Educational Organization

Government

Retailer

Comms Service Provider

University

Real Estate/Law Firm

Construction Company

Legal Firm

Non Profit

Media Company

Consumer Goods Company

Hospitality Company

Pharma/Biotech Company

Transportation Company

Outsourcing Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Performing Arts

Aerospace/Defense Firm

Logistics Company

Compare Mend.io with alternative products

Learn more about Mend.io

Mend.io Features

Mend.io has many valuable key features. Some of the most useful ones include:

Vulnerability analysis
Automated remediation
Seamless integration
Business prioritization
Limitless scalability
Intuitive interface
Language support
Integration
Continuous monitoring
Remediation suggestions
Customization

Mend.io Benefits

There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

Easy to use: The Mend.io platform is very user-friendly and easy to set up.

Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.

Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.

Broad support: Mend.io provides 27 different programming languages and various programming frameworks.

Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.

Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.

Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Mend.io was previously known as WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST.