Try our new research platform with insights from 80,000+ expert users

Mend.io vs Qualys Web Application Scanning comparison

Mend.io and Qualys are both solutions in the Application Security Tools category. Mend.io is ranked #17 with an average rating of 9.0, while Qualys is ranked #12 with an average rating of 8.4. Mend.io holds a 3.3% mindshare in AS, compared to Qualys’s 1.9% mindshare. Additionally, 96% of Mend.io users are willing to recommend the solution, compared to 86% of Qualys users who would recommend it.
Mend.io
Read 29 Mend.io reviews
  • 7,739 Views
  • 4,663 Comparison Views
96% willing to recommend
Qualys Web Application Scan...
Read 35 Qualys Web Application Scanning reviews
  • 3,485 Views
  • 2,730 Comparison Views
86% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 23, 2024

Qualys Web Application Scanning and Mend.io are competing products in web application security. Users are happier with the support of Qualys Web Application Scanning, yet Mend.io is preferred for its advanced features, making it worth the premium pricing.

Features: Qualys Web Application Scanning is valued for its comprehensive scanning capabilities, detailed vulnerability reports, and robust feature set. Mend.io offers advanced automation, seamless integration within development workflows, and high-end functionalities. Qualys focuses on thorough scanning and detailed analysis, while Mend.io emphasizes automation and integration capabilities.

Room for Improvement: Qualys Web Application Scanning users suggest enhancements in scan speed, user-friendly reporting, and better performance. Mend.io users indicate a need for better documentation, more customization options, and improved user support resources.

Ease of Deployment and Customer Service: Qualys Web Application Scanning is noted for its straightforward deployment and responsive customer service. Mend.io is praised for easy setup but has mixed reviews on support responsiveness.

Pricing and ROI: Qualys Web Application Scanning’s setup costs are considered high but justified by robust features. Mend.io’s pricing is higher, but users feel the ROI is worthwhile due to its advanced functionalities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Mend.io vs. Qualys Web Application Scanning Report (Updated: October 2024).
Buyer's Guide
Mend.io vs. Qualys Web Application Scanning
October 2024
Download the complete report
Helped 816,636 peers since 2012
 

Categories and Ranking

Mend.io
Ranking in Application Security Tools
17th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
29
Ranking in other categories
Software Composition Analysis (SCA) (7th), Static Code Analysis (4th), Software Supply Chain Security (1st)
Qualys Web Application Scan...
Ranking in Application Security Tools
12th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
35
Ranking in other categories
Static Application Security Testing (SAST) (11th)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Mend.io is 3.3%, down from 4.0% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Jeffrey Harker - PeerSpot reviewer
Easy to use, great for finding vulnerabilities, and simple to set up
Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Governance up until that time had been manual and when we tried to do manual governance of a large codebase, our chances of success were pretty minimal. Mend (formerly WhiteSource) does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release. We use Mend (formerly WhiteSource) Smart Fix. I’d say pretty much everything in Mend (formerly WhiteSource) is easy to use. We really don't have too much difficulty using the product at all. I've implemented other scanners and tools and had much more trouble with those products than we've ever had with Mend (formerly WhiteSource). That’s extremely important. It's hard to sell to some of these teams to put any level of overhead on top of their product development efforts and the fact that Mend (formerly WhiteSource) is as easy as it is to use is a critical aspect of adoption here. It scores very highly on that scale. Mend (formerly WhiteSource) Smart Fix helps our developers fix vulnerable transitive dependencies. It's all very helpful to our development community. First of all, we're able to find that there are issues. Second of all, we're able to figure out very quickly what needs to be done to remediate the issues. Mend (formerly WhiteSource) helped reduce our mean time to resolution since adopting it. A lot of it is process improvement and technical aspects that can tell us how to go about remediating the issues. We get that out of Mend (formerly WhiteSource). Making the developers aware that these issues are there and insisting they be corrected and making the effort to do that visibly is very valuable to us. Overall, Mend (formerly WhiteSource) helped dramatically reduce the number of open-source software vulnerabilities running in our production at any given point in time. I won't give metrics, however, it's fair to say that our state before and after Mend (formerly WhiteSource) is dramatically different and moved in a positive direction. Mend's ability to integrate our developer's existing workflows, including their IDE repository and CI is good. Azure DevOps is really important. That's what the pipelines are. That's a very important piece of the entire puzzle. If this was just an external scanner where periodically we'd go through and scan our repos and give them a report, we’d do that with pen testing products, for example, for security testing. The problem is, by the time they get those reports, they've already shipped the code to multiple environments and it's too late to stop the train. With these features being baked into the pipelines like this, they know immediately. As a result, we're able to quickly take action to remediate findings.
Read full review
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"The overall support that we receive is pretty good. ​"
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"The results and the dashboard they provide are good."
More Mend.io pros
"​This product is designed for easy scalability and can easily scale up ​without major challenges."
"​We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.​"
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"It works with many different products."
"It is a good product for website penetration testing to detect vulnerabilities."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It is a very stable solution."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
More Qualys Web Application Scanning pros
 

Cons

"The dashboard UI and UX are problematic."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"The UI is not that friendly and you need to learn how to navigate easily."
More Mend.io cons
"It should have better automatic reporting."
"The virus code updates are not frequent enough."
"There should be better visibility into the application."
"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"We have many websites. We don't force scanning on all of them at once because it's taking some time."
"The software’s pricing could be improved."
More Qualys Web Application Scanning cons
 

Pricing and Cost Advice

"We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
"Mend is costly but not overly expensive. The license was quite expensive this year, but we managed to negotiate the price down to the same as last year. At the same time, it's a good value. We're getting what we're paying for and still not using all the features. We could probably get more out of the tool and make it more valuable. At the moment, we don't have the capacity to do that."
"This is an expensive solution."
"Pricing is competitive."
"Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
"The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
"WhiteSource is much more affordable than Veracode."
"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
More Mend.io pricing and cost advice
"The product has a very good licensing model."
"From my perspective, it is a budget-friendly option."
"I rate the software’s pricing a six out of ten."
"Qualys WAS' pricing is competitive."
"The product is expensive, at least initially, in comparison to other products in this category."
"Pricing was reasonable and competitive. It was not too far above the other products."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
More Qualys Web Application Scanning pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
816,636 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
16%
Manufacturing Company
12%
Energy/Utilities Company
5%
Computer Software Company
16%
Financial Services Firm
16%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
See all answers
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Mend.io?
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulner...
See all answers
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
See all answers
What is your experience regarding pricing and costs for Qualys Web Application Scanning?
The product pricing is fair and reasonably priced.
See all answers
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs Mend.io Logo
SonarQube Server (formerly SonarQube) vs Mend.io
Compared 26% of the time
Black Duck vs Mend.io Logo
Black Duck vs Mend.io
Compared 15% of the time
Snyk vs Mend.io Logo
Snyk vs Mend.io
Compared 9% of the time
Veracode vs Mend.io Logo
Veracode vs Mend.io
Compared 8% of the time
Coverity vs Mend.io Logo
Coverity vs Mend.io
Compared 1% of the time
More Mend.io Competitors
OWASP Zap vs Qualys Web Application Scanning Logo
OWASP Zap vs Qualys Web Application Scanning
Compared 19% of the time
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning Logo
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning
Compared 11% of the time
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
Compared 9% of the time
Fortify WebInspect vs Qualys Web Application Scanning Logo
Fortify WebInspect vs Qualys Web Application Scanning
Compared 6% of the time
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
Compared 6% of the time
More Qualys Web Application Scanning Competitors
 

Product Reports

Buyer's Guide
Mend.io
November 2024
Mend.io reportDownload Mend.io product report
Buyer's Guide
Qualys Web Application Scanning
November 2024
Qualys Web Application Scanning reportDownload Qualys Web Application Scanning product report
 

Also Known As

WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
Qualys WAS
 

Learn More

Mend.io
Qualys
 

Overview

Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

Mend.io Features

Mend.io has many valuable key features. Some of the most useful ones include:

  • Vulnerability analysis
  • Automated remediation
  • Seamless integration
  • Business prioritization
  • Limitless scalability
  • Intuitive interface
  • Language support
  • Integration
  • Continuous monitoring
  • Remediation suggestions
  • Customization

Mend.io Benefits

There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

  • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
  • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
  • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
  • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
  • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
  • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
  • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

  • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

  • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

  • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

  • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

  • Quick Deployment: Requires no infrastructure or software to upkeep.

  • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

  • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

  • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

  • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

  • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

 

Sample Customers

Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Buyer's Guide
Mend.io vs. Qualys Web Application Scanning
October 2024
Free Report: Mend.io vs. Qualys Web Application Scanning
Find out what your peers are saying about Mend.io vs. Qualys Web Application Scanning and other solutions. Updated: October 2024.
DOWNLOAD NOW
816,636 professionals have used our research since 2012.
See our Mend.io vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.