Qualys Web Application Scanning and Mend.io compete in the cybersecurity software market, focusing on vulnerability management and open-source security solutions. Based on features, Mend.io seems to have an edge due to its comprehensive programming language support and open-source management capabilities.
Features: Qualys Web Application Scanning offers integration with Selenium IDE for automated login processes, protection against zero-day vulnerabilities, and detailed vulnerability management. It is praised for its accurate reporting, real-time monitoring, and low false positive rate. Mend.io focuses on open-source dependency management, robust vulnerability alerts, extensive language support, and efficient integration within CI/CD pipelines. It is recognized for automating license and copyright management, making it highly valuable for organizations relying on open-source components.
Room for Improvement: Qualys Web Application Scanning has a complex setup process and reports occasional false positives. Its pricing is considered high and lacks flexibility, while documentation and report clarity need refinement. Users also call for better integration and automation features. Mend.io needs improvements in its UI/UX design and expanded support for additional programming languages. Its pricing model may not be suitable for smaller companies and experiences occasional latency. More support for various compliance frameworks and enhancements to policy configuration options are also requested.
Ease of Deployment and Customer Service: Qualys Web Application Scanning supports deployment in Hybrid, Private, and Public Cloud environments and provides good customer support, although some users highlight the need for better customer relations. Mend.io also offers deployment in Public and Private Clouds, with strong responsive technical support. However, a few notes on its interface complexity were mentioned.
Pricing and ROI: Qualys Web Application Scanning is often viewed as expensive with a complicated licensing model, despite offering good ROI through automation. Users express a need for more competitive pricing and clearer licensing terms for virtual appliances. Mend.io's pricing stands as higher than competitors, yet its features are often seen as worth the cost by some users, though flexibility remains an issue for startups. Its substantial SCA and container security functionalities justify the price for others. Both solutions apply different pricing strategies, influencing their value perceptions across varied company sizes.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
The cost of Mend.io is competitive, being quite low compared to others.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
We find it 100% accurate in detecting vulnerabilities.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.