Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis using its in-house source and multiple other sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io is valued for its ease of setup and integration with Git providers and IDEs. Its command line tool and plug-ins automate scans and allow for continuous integration. Mend.io's ability to identify and remediate open-source vulnerabilities and its integration with developer workflows are highly appreciated. Mend.io's UI and scanning for security threats fit well into workflows, making it valuable to Intellectual Property Councils. Its vulnerability analysis and license distribution analysis are useful features for legal firms. Mend.io's Smart Fix helps developers fix vulnerable transitive dependencies and reduces mean time to resolution. Its ability to integrate with existing workflows, including IDEs, repositories, and CI/CD pipelines, is good. The dashboard view and the management view are also highly valued. Overall, Mend.io helps reduce the number of open-source software vulnerabilities running in production and streamlines around 60% of the software development life cycle via automation, while the remaining 40% requires human intervention.
Improvements needed on Mend.io include better reporting with customizable reports, implementing a version number between product and projects, improving the UI, adding preconfigured policies, reducing visibility on the dashboard, supporting more package managers, improving automation to human involvement ratio, improving user management, adding support for C++ in Mend Prioritize, having a central support system, improving latency for remediated findings, changing the pricing model, supporting multiple SBOM formats, having builds fail if important vulnerabilities are found, improving database upgrading turnaround time and accuracy, including static analysis in the open-source version, providing on-premises service, simplifying the initial setup, and adding a code snippet part.
Mend.io has resulted in various returns on investment for different companies. One company is saving 15 percent of their time and achieving a big financial gain, while also delivering safer products for their customers. Another company has seen an improvement in code quality and incident reaction. Some companies have seen a terrific ROI and rate the solution highly. However, there are also competitors in the space, and pricing may become a problem for Mend.io in the future. Additionally, the tool helps remove manual processes, which speeds up delivery and reduces costs in terms of compliance and risk avoidance. Overall, companies have seen a return on investment and expect to see it increase in the future through new sales and cross-sales.
Mend.io's pricing is seen as high by some, but others find it comparable to other tools or negotiable. Some customers feel that they are getting good value for what they pay, while others feel that the pricing could be improved. The licensing model for Mend.io requires a minimum of 20 developers.
Mend is primarily used for detecting and fixing vulnerabilities in products and delivering security reports during product releases. It covers license usage, license type, and CVE vulnerabilities. Mend is deployed on the AWS cloud and has multi-region enabled. It is used to automate software composition analysis, particularly for third-party and open-source software. Mend is also used for code analysis and management of open-source associated risks. It allows for scanning open-source libraries and checking for vulnerabilities and open-source licenses. Policies can be set to disallow risky open-source components from being used in solutions. Mend's deployment is hybrid, with scans on-premises and the knowledge base in the cloud.
Customers generally have positive feedback about Mend's customer service and support. They highlight the efficiency, responsiveness, and knowledgeability of the support team. Some customers also appreciate the option of having a dedicated customer support manager. However, some customers note that there may be room for improvement in terms of customer-friendliness and pricing compared to other solutions. Overall, customers rate Mend's support between seven and nine out of ten.
The initial setup for Mend.io was generally straightforward and easy, with some minor configuration needed to meet specific company requirements. Deployment and maintenance are low, with only a few key staff involved in the process. Implementation takes a few days, with minimal maintenance needed afterward. Overall, it was considered a simple and efficient process.
The Mend.io solution is highly scalable, with users from multiple departments and locations, and the ability to handle increased usage without performance issues. One user had some difficulties with a large codebase but is working with the vendor to resolve the issue. The solution is used by a range of organizations, from those with only a few users to those with hundreds. Scalability is crucial for this type of software and is a prerequisite for a SaaS-based solution.
Overall, Mend.io is considered to be a highly stable solution with very few reported issues or downtime. While there have been a few minor hiccups in the past, these were swiftly resolved and did not impact the overall stability of the product. Users rate the stability of Mend.io very highly and consider it to be a dependable and reliable solution. Additionally, the solution is also scalable, meaning it can adapt to meet the changing needs of users over time.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural Official at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
Mend.io was previously known as WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST.
Microsoft, Autodesk, NCR, Target, IBM, Vodafone, Siemens, GE Digital, KPMG, LivePerson, Jack Henry and Associates