The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.
IT Service Manager at a wholesaler/distributor with 51-200 employees
Real User
2022-07-17T14:21:00Z
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
Architect/Developer at an insurance company with 5,001-10,000 employees
Real User
2022-05-12T11:02:45Z
May 12, 2022
WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated, which is useful.
We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.
Business Process Analyst at a financial services firm with 1,001-5,000 employees
Real User
2021-02-22T14:10:50Z
Feb 22, 2021
The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.
With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions.
Project Manager at a wellness & fitness company with 11-50 employees
Real User
2020-01-06T10:07:00Z
Jan 6, 2020
The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies.
Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses' copyright and component usage disclosures in our software.
Senior Productization Specialist at a tech services company with 51-200 employees
Real User
2019-12-12T14:38:00Z
Dec 12, 2019
The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t...
The vulnerability analysis is the best aspect of the solution.
The dashboard view and the management view are most valuable.
WhiteSource helped reduce our mean time to resolution since the adoption of the product.
The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.
The solution boasts a broad range of features and covers much of what an ideal SCA tool should.
The solution is scalable.
Its ease of use and good results are the most valuable.
The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar).
It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions.
Our dev team uses the fix suggestions feature to quickly find the best path for remediation.
For us, the most valuable tool was open-source licensing analysis.
The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate.