
Mend.io pros and cons

Vendor: Mend.io
4.2 out of 5
Badge Ranked 1

Pros & Cons summary

Prominent pros & cons

PROS

Mend.io enables scanning and collecting third-party libraries, classifying license types to ensure compliance with software policies.
License management allows users to find, classify, and act on licenses based on criticality and vulnerability, improving security and legal compliance.
Comprehensive inventory features provide visibility into third-party libraries used, aiding in effective management and decision-making.
Reporting capabilities include quick generation of open-source license reports, enhancing transparency and compliance efforts.
The fix suggestions feature aids users in quickly addressing vulnerabilities and updating or replacing problematic libraries efficiently.

CONS

Mend.io needs better ACL and more role definitions for large organizations.
There is a lack of support for multiple SBOM formats to integrate with old industry standards.
Scanning of containers and images needs improvement, requiring better layer distinction.
The reporting process can be slow, and generating a report for an entire organization takes significant time.
Mend.io lacks code snippet support and needs integration with ID and Shift Left for developers to view scan results promptly.
 

Mend.io Pros review quotes

Jeffrey Harker - PeerSpot reviewer
May 12, 2022
We set the solution up and enabled it and we had everything running pretty quickly.
Ben Dyer - PeerSpot reviewer
May 10, 2022
WhiteSource helped reduce our mean time to resolution since the adoption of the product.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The vulnerability analysis is the best aspect of the solution.
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
SM
Sep 26, 2023
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
it_user832698 - PeerSpot reviewer
Mar 7, 2018
The overall support that we receive is pretty good.
KW
Jan 10, 2023
There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.
 

Mend.io Cons review quotes

Jeffrey Harker - PeerSpot reviewer
May 12, 2022
At times, the latency of getting items out of the findings after they're remediated is higher than it should be.
Ben Dyer - PeerSpot reviewer
May 10, 2022
They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.
reviewer1915362 - PeerSpot reviewer
Jul 17, 2022
We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.
Shashidhar Gowda - PeerSpot reviewer
Mar 2, 2022
I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.
Kevin Dsouza - PeerSpot reviewer
Jul 6, 2022
The only thing that I don't find support for on Mend Prioritize is C++.
reviewer1928817 - PeerSpot reviewer
Jul 31, 2022
Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.
reviewer2165991 - PeerSpot reviewer
Apr 23, 2023
On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.
SM
Sep 26, 2023
I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.
it_user832698 - PeerSpot reviewer
Mar 7, 2018
Make the product available in a very stable way for other web browsers.
KW
Jan 10, 2023
Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.