Try our new research platform with insights from 80,000+ expert users

Mend.io vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 30, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.9
Mend.io enhances security and efficiency, managing open-source components, reducing vulnerabilities, boosting compliance, and increasing potential sales growth.
Sentiment score
5.5
Qualys Web Application Scanning improved visibility, reduced costs and failure rates, and increased ROI with automation, despite licensing challenges.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
 

Customer Service

Sentiment score
7.5
Mend.io provides highly responsive customer service with excellent technical support and proactive communication, despite minor reseller process challenges.
Sentiment score
5.0
Qualys Web Application Scanning support is mostly praised for responsiveness, with minor concerns about higher-tier access and engagement.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
 

Scalability Issues

Sentiment score
7.8
Mend.io offers impressive scalability for large projects and users, with stable performance and effective integration with CI/CD tools.
Sentiment score
7.7
Qualys Web Application Scanning is scalable, handling multiple licenses and users, though some issues arise with concurrent scans.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
 

Stability Issues

Sentiment score
7.7
Mend.io is generally stable and reliable, addressing occasional slowdowns swiftly, though some face pipeline integration challenges.
Sentiment score
8.5
Qualys Web Application Scanning is praised for stability and reliability, with users rating it highly and few issues reported.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
 

Room For Improvement

Mend.io users desire enhanced integration, interface improvements, better scanning, customizable reports, and expanded support for tools and languages.
Qualys Web Application Scanning users seek improved XSS detection, simpler interface, better pricing, and enhanced integration features.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
 

Setup Cost

Mend.io provides cost-effective pricing with fixed developer fees, appealing to enterprises for affordability and negotiable terms.
Qualys Web Application Scanning offers competitive pricing and flexible licensing, though some users seek improved cost-effectiveness.
The cost of Mend.io is competitive, being quite low compared to others.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
 

Valuable Features

Mend.io streamlines governance and enhances security by efficiently detecting vulnerabilities and integrating with DevOps workflows.
Qualys Web Application Scanning offers Selenium integration, effective threat detection, and seamless CI/CD integration with a user-friendly interface.
We find it 100% accurate in detecting vulnerabilities.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
 

Categories and Ranking

Mend.io
Ranking in Application Security Tools
18th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
30
Ranking in other categories
Software Composition Analysis (SCA) (7th), Static Code Analysis (4th), Software Supply Chain Security (2nd)
Qualys Web Application Scan...
Ranking in Application Security Tools
12th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
38
Ranking in other categories
Static Application Security Testing (SAST) (9th)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of Mend.io is 3.5%, up from 3.5% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.0%, down from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

meetharoon - PeerSpot reviewer
Enables smooth management of vulnerabilities and promotes a shift towards a culture of security
We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
12%
Energy/Utilities Company
5%
Computer Software Company
17%
Financial Services Firm
15%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Mend.io?
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulner...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...
 

Also Known As

WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
Qualys WAS
 

Overview

 

Sample Customers

Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Mend.io vs. Qualys Web Application Scanning and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.