GitHub and Mend.io are key players in the software development and open-source governance domains. GitHub shines in collaboration and community support, particularly for open-source projects, while Mend.io's strength lies in vulnerability management and license compliance, offering enhanced security features.
Features: GitHub's extensive integration capabilities with Azure DevOps and Jenkins make it favored for collaborative environments. Its branching functionality and code versioning tools enhance project stability and security systems. Mend.io offers comprehensive vulnerability and license alerts, automating reports that integrate into CI/CD pipelines, thereby increasing operational efficiency. Its robust database manages dependencies with high accuracy, ensuring enterprise-level security.
Room for Improvement: GitHub users seek better project management and testing features along with improved training materials. Integration with tools like Jenkins also requires enhancement. Mend.io, on the other hand, needs improved scanning for containers and broader support for programming languages. It could benefit from a more user-friendly interface and preconfigured policies that align with existing systems.
Ease of Deployment and Customer Service: GitHub's deployment is mainly on public clouds, appreciated for its seamless integration and community support, yet official support lacks direct assistance. Mend.io supports both public and private clouds, often requiring technical support for deployment, indicating a more complex implementation. Its technical support is reliable and addresses complex issues thoroughly.
Pricing and ROI: GitHub provides an open-source solution with a free feature set beneficial to small teams and educational purposes, whereas larger organizations face costs for premium features. Mend.io offers competitive pricing for its security tools, considered justified despite being expensive due to its enterprise-level security offerings. Both platforms offer significant ROI, with Mend.io’s pricing aligning more with enterprises needing extensive security measures.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
I have noticed that the speed to respond has decreased over time.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
If a skilled developer uses it, it is ten out of ten for stability.
It provides a reliable environment for code management.
GitHub is mostly stable, but there can be occasional hiccups.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
When working with the CI/CD pipeline and somebody is writing the workflow file, it would be best to include the AI feature so if they write incorrect code, it will notify me about it in the same dashboard, eliminating the need to use third-party tools to review the file.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
I strongly recommend that they start working with AI for the reporting part.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
The cost of Mend.io is competitive, being quite low compared to others.
The pull request facility for code review.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
For branching, it works well, especially in an agile environment.
We find it 100% accurate in detecting vulnerabilities.
It handles Application Security, performing SCA SAST and container scanning.
The features I find most valuable in Mend.io are the ease of use; it is very easy to access and integrate.
| Product | Market Share (%) |
|---|---|
| GitHub | 1.0% |
| Mend.io | 3.4% |
| Other | 95.6% |
| Company Size | Count |
|---|---|
| Small Business | 42 |
| Midsize Enterprise | 12 |
| Large Enterprise | 48 |
| Company Size | Count |
|---|---|
| Small Business | 10 |
| Midsize Enterprise | 3 |
| Large Enterprise | 18 |
GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
