It's been two months since this profile received a new review

Mend.io Reviews & Product Details

Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase. Learn more at www.mend.io

Seller

Mend

Discussions

Mend.io Community

Languages Supported

English

Product Description

Mend.io delivers the first AI native application security platform built for software created by both humans and machines. It empowers organizations to secure AI generated code and embedded AI components like models, agents, MCPs, and RAG pipelines. The unified platform brings together comprehensive capabilities including AI security, SAST, SCA, container scanning, and Mend Renovate providing development and security teams complete visibility into risks across their codebase. With AI powered remediation and prioritization workflows, teams are enabled to quickly resolve issues and reduce risk. With a simple, predictable price model, eliminating per-module costs and minimal reliance on expensive professional services Mend.io is a scalable, proactive, developer-friendly platform for modern AppSec—all in a single platform.

Overview by

Na'ama Nir

Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

Return on Investment

16 months

View More Pricing Information

Top-Rated Alternatives

View All Alternatives

Mend.io Media

The Mend Platform Security Dashboard provides a high‑level overview and analytics for SCA, SAST, and IMAGE scan findings across your entire Organization.

The Value Dashboard provides clear remediation insights and tracks key security metrics like Mean Time to Remediate (MTTR) and overall Finding Reduction %, so teams can confidently demonstrate progress in securing their applications.

Mend.io Demo - Application List with AI Frameworks

A centralized view of applications across the organization and the AI frameworks they leverage, providing visibility into usage and potential security considerations.

G2 reviews are authentic and verified.

Here's how.

Verified User in Computer & Network Security

Mid-Market (51-1000 emp.)

6/19/2020

"Automating software IPR checking"

4/5

What do you like best about Mend.io?

The offering is delivered as SaaS and has an intuitive and easy to use interface which provides rapid access to key information on IPR and security vulnerabilities in an easy to understand graphical format. the wide range of reporting options allow potential issues to be captured and explored in more detail. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

Configuration of the scanning element of the offering requires some practice and there are a large number of parameters to master. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

We have transitioned from a manual process of IPR audit to a fully automated and integrated one which saves considerable time and allows experts to concentrate in areas the specifically require human intervention. This greatly reduces the exposure to to potential IPR liability issues for the organisation. Review collected by and hosted on G2.com.

Sheetal P.

Enterprise (> 1000 emp.)

6/17/2020

"WhiteSource identifies security vulnerabilities in easy steps & provides remediation for quick fixes"

5/5

What do you like best about Mend.io?

User friendly, quick remediation & better reports Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

Provides only OSS security vulnerabilities Review collected by and hosted on G2.com.

Michael R.

Enterprise (> 1000 emp.)

7/27/2020

"Whitesource gave me the functionality that I have been looking for"

4.5/5

What do you like best about Mend.io?

I mostly like the github integration that makes me get better result Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

I do not like the UI of whitesource, I think it can be more user friendly Review collected by and hosted on G2.com.

Verified User in Telecommunications

Enterprise (> 1000 emp.)

8/6/2020

"Whitesource is an excellent tool for ensuring adequate security for third party software packages"

5/5

What do you like best about Mend.io?

The licensing/copyright check is a major time saver. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

For Nodejs the npm packages run deep, and currently it is not easy to determine the root package for some of the vulnerabilities. Review collected by and hosted on G2.com.

Recommendations to others considering Mend.io:

I would recommend integrating the scan process into your devOps pipeline. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

Whitesource automates the listing of third party packages, checks the liceensing/copyright info, and displays any CVEs within these packages. Review collected by and hosted on G2.com.

Verified User in Computer & Network Security

Mid-Market (51-1000 emp.)

5/11/2020

"The best on the market open source dependencies analysis tool"

5/5

What do you like best about Mend.io?

WhiteSource provide information on vulnerabilities resolution via SAAS dashboard and extensive, well researched database of known vulnerable and malicious libraries. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

Takes time to understand all scan configuration parameters but once understood it is easy to use. Review collected by and hosted on G2.com.

Verified User in Information Services

Small-Business (50 or fewer emp.)

8/30/2020

"This is tool is better to review for security vulnerability for libraries."

4/5

What do you like best about Mend.io?

This is tool is better to review for security vulnerability for libraries. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

try to give flexible version of libraries. Review collected by and hosted on G2.com.

Tim A.

Small-Business (50 or fewer emp.)

7/17/2018

Business partner of the seller or seller's competitor, not included in G2 scores.

"Whitesource Reseller (Australia and New Zealand"

4.5/5

What do you like best about Mend.io?

I love the software and the benefits it provides to me, and to my clients. I have worked with Whitesource for the past year and I really love the software and the experience dealing with Whitesource the company. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

At present, I really can't think of anything that I dislike about Whitesource the company OR Whitesource the software solution. Review collected by and hosted on G2.com.

Recommendations to others considering Mend.io:

Try it. If it works for you, I recommend you purchase a subscription. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

I am assisting my clients to solve their business issues with regard to use of Open Source, such as inventory, code quality, licensing concerns, and potential security vulnerabilities. Review collected by and hosted on G2.com.

Anuradha W.

Software Engineer

Computer Software

Enterprise (> 1000 emp.)

10/1/2015

"Automated our current process for monitoring and documenting Open Source dependencies"

4.5/5

What do you like best about Mend.io?

Really impressed with their service, and the response time when an unknown library needed resolution.

Very detailed information for most of the open source dependencies.

Dependency version history and their vulnerabilities have been helpful.

UI and the usability of the tool and its plugins makes it easier to use. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

We still come across a lot of dependencies which are still undetected by the Tool, but they're later resolved once we request resolution manually. I suggest their Database to be frequently updated.

Some features we requested were still not implemented, specially the feature to display an attribute for "folder location" for dependencies uploaded from a disk location.

The tool needed a lot of tune up before first use. Review collected by and hosted on G2.com.

Recommendations to others considering Mend.io:

If your requirements fits the whitesource specification, I would then definitely recommend it. Also sort out all your feature requests before purchasing the full software. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

Automation of our existing process, which in-turn saves a lot of hours and the risks associated with Open source dependencies. Review collected by and hosted on G2.com.

Reka B.

Software Development Engineer in Test

Computer Software

Mid-Market (51-1000 emp.)

1/3/2017

"A could-be-amazing tool that still has some way to go"

2.5/5

What do you like best about Mend.io?

I find the risk report being the most useful thing, other features are on the way to being good but still need some work done. It does seem to detect potential license violations quite well but for instance it doesn't deal with dual licenses: e.g. when a component is licensed under GPL AND MIT the tool will identify it as a violation even though it's no longer the case. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

Most usability issues. The tool just doesn't do the workflow that would be optimal in my opinion. The components seem disjointed, the user interface is a bit clunky and it's quite difficult to identify necessary actions once an issue has been identified. However, I do feel that the engine part is quite solid, what the tool needs is a massive re-think of the UI. Review collected by and hosted on G2.com.

Recommendations to others considering Mend.io:

I would strongly recommend making sure that the product is suitable for the intended purposes and the in-house users are comfortable with the UI. Trialling the product can be a bit of a pain especially as they insist on knowing your full company details and intended purposes just to allow you to have a look. During trial I was very satisfied with the product and only during full deployment of our 30+ individual maven projects did I start suffering from the usability issues. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

We have to identify potential non-open source components in our source code as well detect any security vulnerabilities in our 3rd party components. Review collected by and hosted on G2.com.