Try our new research platform with insights from 80,000+ expert users

Mend.io vs Qualys Web Application Scanning comparison

Mend.io and Qualys are both solutions in the Application Security Tools category. Mend.io is ranked #17 with an average rating of 9.0, while Qualys is ranked #12 with an average rating of 8.4. Mend.io holds a 3.4% mindshare in AS, compared to Qualys’s 1.9% mindshare. Additionally, 96% of Mend.io users are willing to recommend the solution, compared to 86% of Qualys users who would recommend it.
Mend.io
Read 30 Mend.io reviews
  • 6,790 Views
  • 4,177 Comparison Views
96% willing to recommend
Qualys Web Application Scan...
Read 35 Qualys Web Application Scanning reviews
  • 3,250 Views
  • 2,532 Comparison Views
86% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 29, 2024

Qualys Web Application Scanning (WAS) and Mend.io compete in the web and software vulnerability management category. Qualys WAS has the upper hand with its robust feature set and comprehensive vulnerability management compared to Mend.io’s focus on third-party dependency management.

Features: Qualys WAS provides a comprehensive web application vulnerability management platform integrating with Selenium IDE for automated testing. It offers real-time monitoring, OWASP Top 10 scanning, and extensive API access for automation in CI/CD pipelines, aiding significantly in PCI compliance with fewer false positives. Mend.io is strong in managing third-party dependencies with precise vulnerability detection and a robust inventory management system, supporting a wide range of open-source languages and offering seamless integration with IDEs and CI/CD pipelines.

Room for Improvement: Qualys WAS users suggest improving zero-day threat detection, developing more mature APIs for flexible integration, and refining asset organization. Enhancements could also help reduce false positives and support various security standards beyond OWASP. Mend.io could expand language support in its Mend Prioritize feature, simplify its busy dashboard UI, and improve documentation and container scanning support.

Ease of Deployment and Customer Service: Qualys WAS offers flexible deployment across public, private, hybrid, and on-premises clouds, ensuring scalability for various environments. Its customer service is generally supportive, though there is room for improved proactive engagement. Mend.io excels in responsive support with public and hybrid cloud deployments, although some users suggest refining the integration process for better overall experience.

Pricing and ROI: Qualys is perceived as expensive, with a flexible subscription model based on asset numbers, justified by its strong feature set and ROI through automation savings and reduced web application failures. Mend.io is also seen as costly but relatively affordable for comprehensive software composition analysis, though some find the pricing aggressive. Both offer favorable ROI with Qualys's scalability and Mend.io’s integration strengths providing distinct value for their price points.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Mend.io vs. Qualys Web Application Scanning Report (Updated: January 2025).
Buyer's Guide
Mend.io vs. Qualys Web Application Scanning
January 2025
Download the complete report
Helped 831,683 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Mend.io
Ranking in Application Security Tools
17th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
30
Ranking in other categories
Software Composition Analysis (SCA) (7th), Static Code Analysis (4th), Software Supply Chain Security (2nd)
Qualys Web Application Scan...
Ranking in Application Security Tools
12th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
35
Ranking in other categories
Static Application Security Testing (SAST) (11th)
 

Mindshare comparison

As of January 2025, in the Application Security Tools category, the mindshare of Mend.io is 3.4%, down from 3.7% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

meetharoon - PeerSpot reviewer
Enables smooth management of vulnerabilities and promotes a shift towards a culture of security
We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.
Read full review
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"Its ease of use and good results are the most valuable."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"The solution is scalable."
More Mend.io pros
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"​QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.​"
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The tool links vulnerabilities with DDIs and gives a complete overview of the application. The continuous monitoring capability is good."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
More Qualys Web Application Scanning pros
 

Cons

"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"The initial setup could be simplified."
"The UI is not that friendly and you need to learn how to navigate easily."
"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
More Mend.io cons
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."
"The software’s pricing could be improved."
"There could be better management and faster scanning."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The product's pricing could be better."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
More Qualys Web Application Scanning cons
 

Pricing and Cost Advice

"Pricing is competitive."
"We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
"The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
"WhiteSource is much more affordable than Veracode."
"Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."
"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
"When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
More Mend.io pricing and cost advice
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"Pricing was reasonable and competitive. It was not too far above the other products."
"The product is expensive, at least initially, in comparison to other products in this category."
"We normally purchase an annual license."
"The product pricing is fair and reasonably priced."
"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
"From my perspective, it is a budget-friendly option."
"The product has a very good licensing model."
More Qualys Web Application Scanning pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
831,683 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
16%
Manufacturing Company
12%
Energy/Utilities Company
5%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
See all answers
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Mend.io?
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulner...
See all answers
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
See all answers
What is your experience regarding pricing and costs for Qualys Web Application Scanning?
The product pricing is fair and reasonably priced.
See all answers
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs Mend.io Logo
SonarQube Server (formerly SonarQube) vs Mend.io
Compared 25% of the time
Black Duck vs Mend.io Logo
Black Duck vs Mend.io
Compared 15% of the time
Snyk vs Mend.io Logo
Snyk vs Mend.io
Compared 9% of the time
Veracode vs Mend.io Logo
Veracode vs Mend.io
Compared 7% of the time
JFrog Xray vs Mend.io Logo
JFrog Xray vs Mend.io
Compared 6% of the time
More Mend.io Competitors
OWASP Zap vs Qualys Web Application Scanning Logo
OWASP Zap vs Qualys Web Application Scanning
Compared 18% of the time
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning Logo
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning
Compared 11% of the time
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
Compared 8% of the time
Fortify WebInspect vs Qualys Web Application Scanning Logo
Fortify WebInspect vs Qualys Web Application Scanning
Compared 7% of the time
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
Compared 6% of the time
More Qualys Web Application Scanning Competitors
 

Product Reports

Buyer's Guide
Mend.io
January 2025
Mend.io reportDownload Mend.io product report
Buyer's Guide
Qualys Web Application Scanning
January 2025
Qualys Web Application Scanning reportDownload Qualys Web Application Scanning product report
 

Also Known As

WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
Qualys WAS
 

Overview

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

Mend.io Features

Mend.io has many valuable key features. Some of the most useful ones include:

  • Vulnerability analysis
  • Automated remediation
  • Seamless integration
  • Business prioritization
  • Limitless scalability
  • Intuitive interface
  • Language support
  • Integration
  • Continuous monitoring
  • Remediation suggestions
  • Customization

Mend.io Benefits

There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

  • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
  • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
  • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
  • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
  • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
  • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
  • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Mend.io

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

  • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

  • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

  • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

  • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

  • Quick Deployment: Requires no infrastructure or software to upkeep.

  • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

  • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

  • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

  • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

  • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Qualys
 

Sample Customers

Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Buyer's Guide
Mend.io vs. Qualys Web Application Scanning
January 2025
Free Report: Mend.io vs. Qualys Web Application Scanning
Find out what your peers are saying about Mend.io vs. Qualys Web Application Scanning and other solutions. Updated: January 2025.
DOWNLOAD NOW
831,683 professionals have used our research since 2012.
See our Mend.io vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.