It's been two months since this profile received a new review

Mend.io Reviews & Product Details

Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase. Learn more at www.mend.io

Seller

Mend

Discussions

Mend.io Community

Languages Supported

English

Product Description

Mend.io delivers the first AI native application security platform built for software created by both humans and machines. It empowers organizations to secure AI generated code and embedded AI components like models, agents, MCPs, and RAG pipelines. The unified platform brings together comprehensive capabilities including AI security, SAST, SCA, container scanning, and Mend Renovate providing development and security teams complete visibility into risks across their codebase. With AI powered remediation and prioritization workflows, teams are enabled to quickly resolve issues and reduce risk. With a simple, predictable price model, eliminating per-module costs and minimal reliance on expensive professional services Mend.io is a scalable, proactive, developer-friendly platform for modern AppSec—all in a single platform.

Overview by

Na'ama Nir

Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

Return on Investment

16 months

View More Pricing Information

Top-Rated Alternatives

View All Alternatives

Mend.io Media

The Mend Platform Security Dashboard provides a high‑level overview and analytics for SCA, SAST, and IMAGE scan findings across your entire Organization.

The Value Dashboard provides clear remediation insights and tracks key security metrics like Mean Time to Remediate (MTTR) and overall Finding Reduction %, so teams can confidently demonstrate progress in securing their applications.

Mend.io Demo - Application List with AI Frameworks

A centralized view of applications across the organization and the AI frameworks they leverage, providing visibility into usage and potential security considerations.

G2 reviews are authentic and verified.

Here's how.

Mo F.

DevSecOps Consultant

Enterprise (> 1000 emp.)

11/26/2022

"Easy integration with CI/CD and powerful shift-left approach"

4.5/5

What do you like best about Mend.io?

It makes it very easy to break down and analyze all the open source packages that are in client's code with reports and dashboards to easily identify Critical, Highs, Med and Low risks. I also like that it easily integrates with Github and Azure DevOps to the point that I don't have to login to another site or console and I can see issues right on my platform for tracking and remediation Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

The commonality with a lot of SAST tools is the amount of false positives. Review collected by and hosted on G2.com.

Roshan K.

Mid-Market (51-1000 emp.)

7/17/2023

"Saves time, faster, Amazing customer support"

4.5/5

What do you like best about Mend.io?

Customer support.

Integration for other tools. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

UI: Options on UI is not handy or not much presentable. Review collected by and hosted on G2.com.

Sonal M.

Product Security Engineer

Mid-Market (51-1000 emp.)

6/15/2020

"Best Open Source Analysis (OSA) at this moment."

5/5

What do you like best about Mend.io?

Best Open Source analysis with their In-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alert as well.

Pipeline integration of this tools is greatly helpful for the software which are shipped out securely & safely.

Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.

Mostly such things are helpful in today's world as most of your administration is offloaded to them. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

No downside of using this software in OSA and DEVOPS Pipeline.

Support Team's response is sometimes delayed but sometimes it's prompt.

Need to define an SLA Review collected by and hosted on G2.com.

Recommendations to others considering Mend.io:

Best valuation for the price point in the market right now, go for it.

Other Opensource tools are available, but they aggregate their data from open source websites such as NVD or CVE web sites, they are good to a certain extent, however a paid products gives you more insight into multiple data sources for vulnerability and their in-house research and development team also enhances their product to give you optimum use of white source. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

Open Source software which are used in almost all of software products needs to be evaluated for vulnerabilities and secure products should be shipped in market.

The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.

There is no file which is being uploaded to WhiteSource, instead all your open source software's SHA1 values are being sent to whiteSource securely and then Whitesource does their analysis on their side.

Whitesource's R&D team is also working diligently to improve their vulnerability DB.

Also, this tool can be incorporated in DevSecOps pipeline as well. Review collected by and hosted on G2.com.

Rajesh T.

Penetration Tester

Enterprise (> 1000 emp.)

4/12/2023

"Makes easy to manage your 3rd party libraries"

4/5

What do you like best about Mend.io?

The scans are quick, and a detailed report is provided.

Easy to manage. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

The dashboard/UI would be improved and made more user-friendly. Review collected by and hosted on G2.com.

Behrooz K.

CTO

Small-Business (50 or fewer emp.)

9/8/2022

"Easy to use and fast for getting results"

4.5/5

What do you like best about Mend.io?

Very easy to set up and make it work. Also very easy to modify the set up and add or remove new repos. I really like the fact that after each merge Mend automatically creates issues associated with each problematic dependency, and those are automatically closed if the issue is resolved. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

So far there hasn't been any areas that I disliked. I haven't dig deep into the documentation yet, but it was not immediately clear if Mend will automatically assess PRs before merging and add any comments to them. Review collected by and hosted on G2.com.

What problems is Mend.io solving and how is that benefiting you?

The main area we use Mend for right now is analyzing vulnerabilities of the dependencies that we use. In our platform security is very important since we deal with sensitive customer information and their transactions data. We need to make sure the 3rd-party libraries that we use have no known vulnerabilities. Review collected by and hosted on G2.com.

John C.

Information Security Architect

Mid-Market (51-1000 emp.)

5/19/2023

"Industry-leading SCA, work in progress"

5/5

What do you like best about Mend.io?

Quick and accurate scanning, multiple plug-ins for various different build and ci/cd platforms. Prioritize, Whitesource for developers Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

hard to get some features working like

eua, and integration this Jira was challenging Review collected by and hosted on G2.com.

Verified User in Human Resources

Enterprise (> 1000 emp.)

7/10/2023

"Overall a good tool for your dev needs"

4/5

What do you like best about Mend.io?

comprehensive software composition analysis

provides in-depth visibility into open source components and their vulnerabilities, helping organizations proactively manage security risks. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

pricing structure can be quite complex, making it challenging to determine the most cost-effective plan for specific business needs. Review collected by and hosted on G2.com.

Abhishek K.

Development Architect

Enterprise (> 1000 emp.)

11/9/2022

"Good tool but UI is clunky"

3/5

What do you like best about Mend.io?

The information about vulnerabilities is generally up to date. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

The UI is very clunky. Doesn't integrate well into development workflow. as we need to come to this tool to audit the findings. Would be nice to have it as a github plugin from where we can directly audit the findings. Review collected by and hosted on G2.com.

Verified User in Telecommunications

Mid-Market (51-1000 emp.)

1/13/2023

"Mend makes security issue fixing and reporting really simple."

5/5

What do you like best about Mend.io?

Mend's integration with source control systems and IDEs is simply outstanding. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

Nothing I dislike as of now. But I wish mend had a chat feature or something for quick resolution of small issues without needing to open support cases. Review collected by and hosted on G2.com.

Johannes B.

CTO

Mid-Market (51-1000 emp.)

6/13/2022

"Great Tool for Managing 3rd party libraries"

4.5/5

What do you like best about Mend.io?

Mend eases the process of keeping track of all the used 3rd party dependencies within a product. It not only scans for the pure occurrence (also transitively) but takes also care of license and vulnerabilities. Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

In the beginning, it is a steep learning curve to configure the tool and integrate it into custom pipelines. With the help of a succeess manager, this also works out. Since the usage of renovate, we have up-to-date libraries across all our projects, but not all versions are known immediately by the dashboard. Review collected by and hosted on G2.com.