Try our new research platform with insights from 80,000+ expert users

Mend.io vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 23, 2024
 

Categories and Ranking

Mend.io
Ranking in Application Security Tools
17th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
30
Ranking in other categories
Software Composition Analysis (SCA) (7th), Static Code Analysis (4th), Software Supply Chain Security (2nd)
Qualys Web Application Scan...
Ranking in Application Security Tools
13th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
35
Ranking in other categories
Static Application Security Testing (SAST) (12th)
 

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Mend.io is 3.4%, down from 3.9% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

meetharoon - PeerSpot reviewer
Enables smooth management of vulnerabilities and promotes a shift towards a culture of security
We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The dashboard view and the management view are most valuable."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The tool links vulnerabilities with DDIs and gives a complete overview of the application. The continuous monitoring capability is good."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It is a very stable solution."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"Automated scanning has significantly improved our web application security management by reducing manual work."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
 

Cons

"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"I would like to see the static analysis included with the open-source version."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The solution needs to adjust its pricing. They should make it more affordable."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There should be better visibility into the application."
 

Pricing and Cost Advice

"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
"Mend is costly but not overly expensive. The license was quite expensive this year, but we managed to negotiate the price down to the same as last year. At the same time, it's a good value. We're getting what we're paying for and still not using all the features. We could probably get more out of the tool and make it more valuable. At the moment, we don't have the capacity to do that."
"The solution involves a yearly licensing fee."
"We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."
"It is fairly priced."
"When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
"Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."
"Try the free trial of the product to understand the basic working mechanisms.​"
"It is an expensive platform."
"The product pricing is fair and reasonably priced."
"Qualys WAS' pricing is competitive."
"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."
"The product is expensive, at least initially, in comparison to other products in this category."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"We normally purchase an annual license."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
824,145 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
16%
Manufacturing Company
12%
Energy/Utilities Company
5%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Mend.io?
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulner...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
 

Also Known As

WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
Qualys WAS
 

Learn More

 

Overview

 

Sample Customers

Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Mend.io vs. Qualys Web Application Scanning and other solutions. Updated: December 2024.
824,145 professionals have used our research since 2012.