Mend.io

By Mend

4.3 out of 5 stars

It's been two months since this profile received a new review

Mend.io Reviews & Product Details

Profile Status

This profile is currently managed by Mend.io but has limited features.


Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

Return on Investment

16 months

Mend.io Media

Mend.io Demo - Security Dashboard
The Mend Platform Security Dashboard provides a high‑level overview and analytics for SCA, SAST, and IMAGE scan findings across your entire Organization.
Mend.io Demo - Value Dashboard
The Value Dashboard provides clear remediation insights and tracks key security metrics like Mean Time to Remediate (MTTR) and overall Finding Reduction %, so teams can confidently demonstrate progress in securing their applications.
Mend.io Demo - Application List with AI Frameworks
A centralized view of applications across the organization and the AI frameworks they leverage, providing visibility into usage and potential security considerations.

Mend.io Reviews (112)

G2 reviews are authentic and verified.
Alex V.
CTO
Small-Business (50 or fewer emp.)
"Makes keeping up with updates 1000x easier!"
What do you like best about Mend.io?

The customization and ability to self-host Review collected by and hosted on G2.com.

What do you dislike about Mend.io?

A bit complicated to set up on GitLab and occasional bugginess

Sujith Q.
Azure Architect
Small-Business (50 or fewer emp.)
"First steps with renovate and Terraform"
What do you like best about Mend.io?

It works with a bare minimum of configuration

What do you dislike about Mend.io?

It took me quite a while to find out what that bare minimum was, although there is documentation available.

Verified User in Computer Software
Small-Business (50 or fewer emp.)
"Renovate Github Bot helps me to keep my repos up to date"
What do you like best about Mend.io?

I think the best thing about the Whitesource products is the integration with, for example, Github. The Github Apps are easy to install and provide a great user experience. For example, the renovate bot automatically informs you about package updates. When updating packages, packages from a monorepo are considered. Also, changelogs are displayed in pull request messages from the renovate bot.

What do you dislike about Mend.io?

I think there is nothing to dislike about the whitesource products.

Christian D.
Senior Java Analyst Programmer
Small-Business (50 or fewer emp.)
"Invaluable tool to keep your software safe"
What do you like best about Mend.io?

Summary: Whitesource shows us which libraries can be upgraded and which ones are vulnerable. This keeps our code up-to-date with other projects' releases. Having an integration into our pipeline assures us we can follow this up easily.

Applying Whitesource to our projects has helped us tremendously in keeping our project secure. It would be more difficult for our developers to search around to try and find those vulnerabilities by themselves. Most projects do have hundreds of third-party libraries, and even more are downloaded transitively. By comparing the used libraries with known and reported vulnerabilities, we have everything we need in one place.

Each new branch with updated code triggers a Whitesource build in our pipeline. The email reports are nice triggers for our developers to start looking into vulnerabilities and library updates. Whitesource gives useful resolution suggestions, such as how to avoid the vulnerabilities or which library version no longer has the issue.

Another useful feature is the check on licences. Most developers do not bother looking into which libraries are included in their projects. Whitesource gives a comprehensive list and overview of all licences used in a project. This allows early detection of any non-free library and gives the opportunity to find alternatives quickly.

What do you dislike about Mend.io?

For each new branch we add to the project, a new product section is created. When our branches are then merged into the master branch, those products remain. Each email report will also include and compare them to the other branches, making the report less useful. This has triggered us to regularly and manually delete those product sections, and only keep the latest reports and branches.

MH
Small-Business (50 or fewer emp.)
"Powerful tool to manage external libraries"
What do you like best about Mend.io?

Renovate is easy to set up and works with all VCS you can think of (also self-hosted). I was impressed by the amount of configuration that exists and it saves me quite some time keeping dependencies up-to-date.

Documentation is also really good.

What do you dislike about Mend.io?

Although the first run was easy, configuring details was a bit of trial and error at first. I was unsure about what a global and what a project-specific setting is.

Verified User in Computer Software
Mid-Market (51-1000 emp.)
"Perfect product"
What do you like best about Mend.io?

The application gives you a really good overview of all the outdated dependencies, an overview of all the licenses used in all the dependencies, all the vulnerabilities coming out of the used dependencies, policy violations, and much more.

What do you dislike about Mend.io?

The UI could be updated but for the EE it's suitable.

Verified User in Program Development
Small-Business (50 or fewer emp.)
"Works like a charm"
What do you like best about Mend.io?

Out of the box it's already helping a lot. When you dive into the configurations there's even more awesome things you can achieve.

What do you dislike about Mend.io?

I didn't like the constant stream of emails from Github pull requests. Something you can easily manage with the right config settings.

Dotan S.
Chief Technology Officer
Small-Business (50 or fewer emp.)
"Great products, Renovate is a perfect fit for our open-source!"
What do you like best about Mend.io?

- Monorepo support

- Super fast responses

- Rebasing works great

What do you dislike about Mend.io?

- Adding it to an existing project might bloat the repo at first.

- Missing the ability to group all changes based on commits, in a single PR. (this way CI runs for each change, and you can get a daily overview)

Verified User in Computer Software
Mid-Market (51-1000 emp.)
"Whitesource Renovate was easy to set up, and very configurable"
What do you like best about Mend.io?

The configurability is great. I have tried other tools which only supported a tiny subset of certain programming languages and their package managers. Whitesource Renovate can be configured to update versions for pretty much anything, as long as you can find a consistent place that lists versions, such as GitHub releases, and you can regex yourself to the current version you are using.

This helped us set up version upgrades for Helm charts stored in ArgoCD Application files.

What do you dislike about Mend.io?

It can be a bit unclear why a file isn't picked up and considered for version upgrades. If you have set up a regex, the case where no files match looks exactly the same as the case where files match but the contents don't.

Verified User in Computer Software
Enterprise (> 1000 emp.)
"Positive experience while rolling out WhiteSource"
What do you like best about Mend.io?

WhiteSource has been very active in helping us to get started and get the most out of the tool; this also helps resolve the "dislikes" to a great extent. WhiteSource has also been very willing to help investigate incorrect attribution. Single Sign-on makes it easy to switch to the portal. The home-view is a good dashboard with an overview of the organization, product, or project status. There are many integration options, such as Jira, GitHub, Travis CI, Jenkins, TeamCity, Bamboo, Azure DevOps, Circle CI, AWS CodeBuild, Google Cloud Build, etc.

What do you dislike about Mend.io?

The "Policies" are quite limited in their current form and only a single policy can trigger. This means a policy at the product level can prevent organization-wide policy violations from triggering. This can be useful when making exceptions at the product level, but this also means a product-level admin can overrule organization-wide decisions. The products - projects model takes quite a bit of insight and help to be used effectively.

Pricing Insights

Averages based on real user reviews.

Average Discount

12%

Perceived Cost

$$$$$

How much does Mend.io cost?

Data powered by BetterCloud.

Estimated Price

$$k - $$k

Per Year

Based on data from 6 purchases.

Mend.io Comparisons
Snyk
Black Duck
SonarQube
Mend.io Features
Configuration Management
Reporting and Analytics
Issue Tracking
Static Code Analysis
Command-Line Tools
Compliance Testing
Language Support
Integration
Transparency