2019-09-19T08:39:00Z

What needs improvement with Mend.io?

Miriam Tover - PeerSpot reviewer
PeerSpot user

22 Answers

SM
Real User
Top 20
2023-09-26T06:29:00Z
Sep 26, 2023

I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.

Bruno Lavit - PeerSpot reviewer
Real User
Top 20
2023-04-23T11:35:00Z
Apr 23, 2023

On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization. They also need to provide customizable reports. As a customer, I would like to create my own reports by selecting the relevant columns and data and saving these reports. That way, people in our organization could go to the Mend UI and generate these reports. That feature is not available. One other area where they could improve would be implementing a version number between the product and projects. In some tools, you can manage the version. Today, in Mend.io, I have to create one product for every version (such as 7.1, 7.2, and 7.3). Many are requesting that Mend provide a version number field. The last issue is the UI. They have been trying to improve the UI for many years. It has been taking a long time. It would be really nice to have a nice, modern UI so that developers could say to their managers, "Wow, it's new, it's nice, it works well, and it's fast."

KW
Real User
Top 20
2023-01-10T19:59:00Z
Jan 10, 2023

Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't. Also, the dashboard is busy. It's a little bit over-engineered. There's a lot of information, and the layout could be a bit cleaner. Maybe they could reduce the amount of visibility on the dashboard.

GP
Real User
Top 20
2022-07-17T14:21:00Z
Jul 17, 2022

We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap. I consider scan reports to be another area for improvement, but this is also an area of improvement for user management on our end. We need to train end users on how to deal with alerts and the best approach to take for new projects. We have weekly meetings with Mend and encourage all users who integrate the solution into their product life cycle to attend. This has been very useful, as these technical meetings assist our staff in the best use practices and improving their interpretation of reports, which allows us to leverage the product to our greatest advantage. We are also able to ask for solution adaptations to suit our requirements, as we produce hardware as a company, not virtual products.

Kevin Dsouza - PeerSpot reviewer
Real User
Top 10
2022-07-06T19:15:30Z
Jul 6, 2022

All applications in the world that are created have room for improvement. Within Mend itself, there’s Mend Prioritize, which prioritizes the vulnerability automatically by itself with relevance to our application. Mend Prioritize has support for five or six languages right now, including JavaScript, C, and C#. The only thing that I don't find support for on Mend Prioritize is C++, which they'll be working on since the product is under development. Once that's done, we can also add it into Mend Prioritize for our weekly scans, which will help us with our analysis and efforts for remediation. It's everything we need right now. There's nothing as such that’s out of the world that they should do. We use it just for one thing and focus on that. Therefore, they should not do anything else. We're fine with it as it is.

ZvikaRonen - PeerSpot reviewer
Real User
Top 5
2022-05-15T12:32:00Z
May 15, 2022

The pricing model needs some changes. It is being offered in bulks of a minimum of 20 developers, which means that small startups with less than 20 developers cannot afford to buy the minimum bulk. There is no flexible pricing model to choose a plan with partial functionality and for less than 20. The GUI should support the export of multiple SBOM formats; today this is the transparency expected by federal agencies from companies that write software. There is no one standard yet in the industry for SBOM, so leading tools like WhiteSource should be able to support multiple formats.

Nils Hedström - PeerSpot reviewer
Real User
Top 10
2022-05-12T11:02:45Z
May 12, 2022

WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.

Ben Dyer - PeerSpot reviewer
Real User
Top 10
2022-05-10T15:47:00Z
May 10, 2022

If I had to choose one area of improvement, it would be to have the support system in one place. At the moment, all matters regarding support run through Salesforce SaaS solutions. I'm sure there are more improvements that can happen with WhiteSource’s IDE tool; however, it's still useful. We still have an open ticket regarding some slow scans since we have some fairly complex projects that take a long time to scan. That's been the only slightly negative experience with the tool and we work hard to try to fix it. WhiteSource is working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application. Although we are used to it, when filtering lists, we feel like we are using an application from the 1990s. It's my understanding that they have some improvements coming and I hope to take part in a trial for that. I've also recently looked at their SaaS tool. I've done a trial with it and at the moment it’s a separate product. I'd like to see all of the products merged into one, so that there would be one place to go for everything and all of the support, FaaS, SCA, and more.

MR
Real User
2022-01-23T17:06:21Z
Jan 23, 2022

The turnaround time for upgrading databases for this tool as well as the accuracy could be improved. It would be good if containerization could be included under the current licensing but this is not something I have looked into.

SK
Real User
2021-08-30T10:35:31Z
Aug 30, 2021

I am not clear if WhiteSource provides on-premises service. I know that its competitors provide on-premises and SaaS-based services for the same licensing fee and model, but I am not sure if this applies to WhiteSource, as well. I believe it does not. It is preferable to use on-cloud services, although on-premises one should equally be an option, if I would prefer to not go for SaaS-based hosting. The licensing model should be the same for the different options. The initial setup could be simplified.

AH
Real User
2021-07-01T10:13:31Z
Jul 1, 2021

The solution lacks the code snippet part. I plan to raise this issue with those at WhiteSource.

ZD
Real User
2021-02-22T14:10:50Z
Feb 22, 2021

We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail.

WL
Real User
2021-01-15T20:36:24Z
Jan 15, 2021

It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.

NK
Real User
2020-01-16T08:31:00Z
Jan 16, 2020

The dashboard UI and UX are problematic. This solution looks like a 1995 web site and it's very hard to understand what the issue is and why it failed.

reviewer1261788 - PeerSpot reviewer
Vendor
2020-01-07T12:57:00Z
Jan 7, 2020

The UI is not that friendly and you need to learn how to navigate easily. It also doesn’t run as smoothly as I would want or expect, and I believe it requires some improvements. That said, the Success team is very attentive and does reply and answer related matters quite fast. Currently, effective vulnerabilities are only available in two languages, which is great, but I would be very happy to see more languages. It does cover most of our libraries, but we do have other languages in use. More coverage on that aspect would be helpful.

reviewer1264290 - PeerSpot reviewer
Real User
2020-01-06T10:07:00Z
Jan 6, 2020

It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.

reviewer1257792 - PeerSpot reviewer
Real User
2019-12-31T07:22:00Z
Dec 31, 2019

WhiteSource Prioritize should be expanded to cover more than Java and JavaScript. We are currently using WhiteSource Prioritize for Java and it cuts our vulnerability alerts by almost 90%. However, Prioritize doesn't cover Python or other languages at this point and our developers are required to deal with many open source security alerts. The problem is that now our developers are aware that most open source security alerts are not impacting the security of their applications and it's harder to get their cooperation. We are waiting for WhiteSource to announce support for Python and other languages.

AM
Vendor
2019-12-26T12:47:00Z
Dec 26, 2019

The changes that we would like to see are mostly usability issues. The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved. The UI is also too crowded. I believe that less information, or a different data summary, can be more readable. I know this is something they’re currently working on, but not sure where it stands. Reporting could be easier, as it does not export filtered-down lists. It would be really valuable to add the ability to customize options in the reports.

reviewer1255491 - PeerSpot reviewer
Real User
2019-12-23T12:59:00Z
Dec 23, 2019

The agent usage was not as smooth as the online experience. It lacks in terms of documentation and the errors and warnings it produces are not always very clear. We were able to get it up and running in a short while by getting help from support, which was very approachable and reliable. If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation. I would also like to get better integration with Google Docs.

reviewer1250697 - PeerSpot reviewer
Vendor
2019-12-12T22:32:00Z
Dec 12, 2019

Places in need of improvement are:

* Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting.
* Manual uploads of "wsjson" files can only be done by a global admin. Product administrators should be given this right for uploading files to their products/projects.
* Better support for proxies is needed when running the unified file agent behind a proxy. It can be made to work, but the Java proxy config and cert trust for MitM traffic inspection are very painful to set up.

reviewer1250700 - PeerSpot reviewer
Real User
2019-12-12T14:38:00Z
Dec 12, 2019

WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers. This solution needs better support and customer service.

DH
Real User
2019-09-19T08:39:00Z
Sep 19, 2019

We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running. This would give us some sort of automated assurance. This is probably the feature that we'd most like to see.

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t...