Mend.io Reviews & Product Details

Scanning is simple with an easy-to-use agent.

Reports are easy to read providing useful insight. Review collected by and hosted on G2.com.

The Mend Portal can be slow on occassion.

Some parts of the interface are not as intuitive as they could be. Review collected by and hosted on G2.com.

modern and familiar UI, easy to use and comfortable Review collected by and hosted on G2.com.

structure of pages are not easy to understand Review collected by and hosted on G2.com.

1. Seemless integration with SCM.

2. License management for open source repositories. Review collected by and hosted on G2.com.

It would be great if an auto dependency resolution/management is provided for any finding. Review collected by and hosted on G2.com.

I enjoy how quickly PRs are opened so I can always have my dependencies up to date. The PRs are informative and using checkboxes for UI is much better than commands. Review collected by and hosted on G2.com.

There isn't much to dislike, the configuration file allows me to control pretty much every I could want to. If I had to make one complaint it's that the config file has to be in the root of the repo. It would be nice if I could hide it away in a .github directory or perhaps a .whitesource directory which could also hold my bolt config file. Review collected by and hosted on G2.com.

I setup whitesource rennovate to help keep our dependencies up to date. Since doing that we have slowly but surely updated all of our dependencies without spending much developer time. Review collected by and hosted on G2.com.

The downside is that rennovate is a bit slow to rerun after you've made a change. For the most part it's fine but when you're getting started and have lots to update it can feel slow. Review collected by and hosted on G2.com.

I mostly use Renovate, and the difference between its competitors is enormous.

Monorepos updates, dependencies dashboard and its response time are what I like the most. Review collected by and hosted on G2.com.

Sincerely I cannot think of anything that I dislike.

The only improvement I would like is a deeper GitHub integration like they have with Dependabot, but I recognize that it's an effort from both sides. Review collected by and hosted on G2.com.

We are using WhiteSource's Renovate Bot. It quickly integrates into GitHub Actions, supports private npm registries, and allows grouping of packages which is fantastic if you use TypeScript (you can set up renovate to create one PR for @types package and the related package it self). Review collected by and hosted on G2.com.

Right now, there is nothing we dislike about Renovate. It does its job, provides a great developer experience, and makes updating internal core packages more effortless than ever before. Review collected by and hosted on G2.com.

Great app to keep the app vulnerability free as you don't need to worry about upgrading tons of packages in your multiple projects anymore. It does the tedious manual job for you. Review collected by and hosted on G2.com.

I've been using renovate for a while now. Don't really know if there's a way to exclude a specific package from upgrading. Review collected by and hosted on G2.com.

I like how easy it is to get started and running. The security updates that it provide are valuable for the team and helps us move forward quickly. Review collected by and hosted on G2.com.

It's hard to setup with private python repo, we had to fork and then use our custom images in the docker to make the renovatebot working on private repos. Review collected by and hosted on G2.com.

WhiteSource finds dependency in all our configs, even in those use for pipelines like circle ci. Review collected by and hosted on G2.com.

There are no changelogs for Docker containers. If this information is available, it would be helpful to include it in the PRs. A focus on CVEs would also be interesting. Review collected by and hosted on G2.com.