We performed a comparison between HCL AppScan and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It provides a better integration for our ecosystem."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean every time. So it's less cost, less effort, less time to production."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The security and the dashboard are the most valuable features."
"You can easily find particular features and functions through the UI."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Technical support is helpful."
"The most valuable features are the reporting, customizing libraries ('In-house', 'White list', 'license selection'), comparing the products/projects, and License & Copyright resolution."
"The overall support that we receive is pretty good."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"The dashboard view and the management view are most valuable."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The product has some technical limitations."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"It has crashed at times."
"Scans become slow on large websites."
"They could add a software component analysis tool."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The initial setup could be simplified."
"Make the product available in a very stable way for other web browsers."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. HCL AppScan is rated 7.8, while Mend.io is rated 8.4. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Coverity. See our HCL AppScan vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.