# Mend.io Reviews
**Vendor:** Mend  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.3/5.0  
**Total Reviews:** 112
## About Mend.io
Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include:

1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.



## Mend.io Pros & Cons
**What users like:**

- Users value the **scanning efficiency** of Mend.io, appreciating quick scans and detailed reports for effective management. (8 reviews)
- Users highlight the **ease of use** of Mend.io, finding it helpful and supportive for managing updates and security. (7 reviews)
- Users value the **easy integrations** with tools and repositories, streamlining security processes effortlessly. (6 reviews)
- Users value the **comprehensive scanning capabilities** of Mend.io, which streamline security and compliance processes effectively. (6 reviews)
- Users appreciate the **fast and comprehensive vulnerability detection** of Mend.io, saving time and ensuring code security. (6 reviews)
- Customer Support (5 reviews)
- Users find that Mend.io provides **easy integration support**, enhancing application security effortlessly. (5 reviews)
- Comprehensive Solutions (4 reviews)
- Security Scanning (4 reviews)
- Useful (4 reviews)

**What users dislike:**

- Users face significant **integration issues** with Mend.io, struggling to connect with on-premise tools and various utilities. (6 reviews)
- Users feel that Mend.io has **limited features**, requiring custom solutions and complicating integration with existing tools. (3 reviews)
- Users find **missing features** in Mend.io, struggling with functionality and integration while awaiting improvements in the new version. (3 reviews)
- Users experience **complex implementation**, noting challenges with integration, false positives, and lengthy setup procedures. (2 reviews)
- Users find the **confusing interface** of Mend.io challenging due to multiple portals and unhelpful UI options. (2 reviews)
- Users find the product to be **too pricy**, feeling that its integration lacks value for the cost. (2 reviews)
- False Positives (2 reviews)
- Overwhelming Interface (2 reviews)
- Poor Customer Support (2 reviews)
- Poor Interface Design (2 reviews)

## Mend.io Reviews
  ### 1. Useful tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Israel Sebastián E. | Software Engineer Intern, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 12, 2025

**What do you like best about Mend.io?**

Enhances the application security and it's relatively easy to use and integrate.

**What do you dislike about Mend.io?**

It might be helpful to separate pricing for each product.

**What problems is Mend.io solving and how is that benefiting you?**

Automated dependency updates benefit me a lot to keep the project secure and free of vulnerabilities.

  ### 2. good experience with mend.io

**Rating:** 3.0/5.0 stars

**Reviewed by:** Oliver l. | Aspiring Software Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 17, 2025

**What do you like best about Mend.io?**

An easy-to-use and helpful tool for checking auto-updates and dependencies.

**What do you dislike about Mend.io?**

Not quite a good integration and is a bit too pricy.

**What problems is Mend.io solving and how is that benefiting you?**

Dependency check and updates, the remediation suggestions as well.

  ### 3. Mend has been an excellent tool, both for OSA and SAST

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 23, 2024

**What do you like best about Mend.io?**

I really like the ability to integrate the tooling directly into our source code repository. This allows us to scan hundreds of repositories without needing to configure each of them separately. Onboarding is simple and the updated user interface is attractive and easy to use.

**What do you dislike about Mend.io?**

SAST capabilities are new and still maturing. Documentation is good, but could use some improvement.

**What problems is Mend.io solving and how is that benefiting you?**

Mend is helping us maintain an inventory of all of our open source components and is scanning every commit for open source vulnerabilities. Additionally, Mend is helping us identify potential security vulnerabilities in our source code.

  ### 4. Mend is an excellent SCA solution. The prioritize feature saves a lot of time.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.)

**Reviewed Date:** May 21, 2024

**What do you like best about Mend.io?**

The most helpful feature in Mend.io is the Prioritize feature. It is a fast scan that checks if a vulnerability is reachable by your code. So you can fix the vulnerabilities that truly affect your application.

**What do you dislike about Mend.io?**

I miss some kind of PoC for the CVEs that Mend identifies. Sometimes it's hard to verify if the vulnerability is a true positive.

**What problems is Mend.io solving and how is that benefiting you?**

The main problem that Mend.io is solving is about reducing the false-positive vulnerabilities and the non-reachable vulnerabilities in the Software Composition Analysis.

  ### 5. Streamlined Integration for Compliance with Open-Source Licenses & Vulnerability Detection

**Rating:** 5.0/5.0 stars

**Reviewed by:** Christopher M. | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 15, 2023

**What do you like best about Mend.io?**

One of the strengths of Mend.io lies in the simplicity of integrating their unified agent into our Continuous Integration pipeline. This streamlined process, with its commendable support system and verbose documentation, has reduced setup times. We're now efficiently detecting open-source license violations. Coupled with the integration with JIRA, it ensures that open vulnerabilities are promptly and systematically recorded, streamlining our response and tracking processes.

**What do you dislike about Mend.io?**

While the platform functions efficiently, there's scope for modernising the user interface. It would be beneficial to see Mend.io adopt a more contemporary design. However, it's worth noting that this aesthetic aspect doesn't detract from the product's overall usability.

**What problems is Mend.io solving and how is that benefiting you?**

Mend addresses the challenges associated with open-source license compliance and vulnerability detection in our codebase. Efficiently identifying and alerting us about any license violations ensures that our software remains compliant, reducing potential legal risks. Additionally, its vulnerability detection capabilities enable us to swiftly pinpoint and rectify security vulnerabilities, enhancing our applications' overall safety and integrity.

The integration of Mend.io with JIRA facilitates a systematic recording and tracking of these vulnerabilities, ensuring a structured and effective response from our team. As a result, we maintain a higher standard of code quality and save significant time and resources, allowing us to focus on further development and innovation. This has been crucial for us, especially in the demanding environment of Continuous Integration.

  ### 6. Easy to use

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 11, 2024

**What do you like best about Mend.io?**

Easy to use. Helpful. Support is very responsive.

**What do you dislike about Mend.io?**

Needing to report to the security team that doesn't understand software.

**What problems is Mend.io solving and how is that benefiting you?**

Keeps us up to date on any known vulnerabilities in the open source packages we leverage.

  ### 7. Mend is a key part of your development process.

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Enterprise (> 1000 emp.)

**Reviewed Date:** May 21, 2024

**What do you like best about Mend.io?**

Its scanning capabilities are more than useful. CSM and support teams are really helpful and reactive.

**What do you dislike about Mend.io?**

Its integration with on-premise tools can be challenging.

**What problems is Mend.io solving and how is that benefiting you?**

We want to identify and mitigate issues with vulnerabilities and those licenses.

  ### 8. Great Product

**Rating:** 5.0/5.0 stars

**Reviewed by:** Josh B. | Enterprise (> 1000 emp.)

**Reviewed Date:** May 15, 2024

**What do you like best about Mend.io?**

It is easy to navigate and to find vulnerabilities and violations.

**What do you dislike about Mend.io?**

I know there is a newer version coming, but it could have a bit more functionality.

**What problems is Mend.io solving and how is that benefiting you?**

Mend is helping us contain vulnerabilities and licensing.

  ### 9. Mend Implementation and Review with other tools

**Rating:** 2.5/5.0 stars

**Reviewed by:** Praveen V. | Enterprise (> 1000 emp.)

**Reviewed Date:** December 08, 2023

**What do you like best about Mend.io?**

Mend is one of the good tools, and we can use the tool for SCA, SAST and container scans, and results are good compared to other tools.

**What do you dislike about Mend.io?**

More false positives, difficult integration, a lot of issues in scanner updates and configuration.

**What problems is Mend.io solving and how is that benefiting you?**

It helps to identify the vulnerabilities at the early stage, and helps us by providing all the details about the code.

  ### 10. Leader in the field

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Non-Profit Organization Management | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 22, 2023

**What do you like best about Mend.io?**

Mend has several strengths.  First, the company behind it is relatively transparent, helpful, and straightforward.  I appreciated that they didn't oversell the product the way several competitors did.  The software integrates nicely with Microsoft development tools.  Customer support is good and responsive as well.

**What do you dislike about Mend.io?**

This isn't really a knock, but as a point in time, they are integrating the SCA and the, I think, acquired SAST solutions together into a common platform.  Obviously, that's a large effort, and once that is done, it will be even better.

**What problems is Mend.io solving and how is that benefiting you?**

Mend simplifies the reporting and auditing aspect of documenting that vulnerabilities have been managed properly.

  ### 11. Easy to use tool that supports our scanning needs

**Rating:** 4.5/5.0 stars

**Reviewed by:** Neil D. | Vice President, Engineering, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 24, 2023

**What do you like best about Mend.io?**

Mend supports source code library scans, container scans and also checks licenses used by our apps and services to ensure we are meeting our security, compliance and licensing requirements. We would have to use multiple platforms to achieve this.

**What do you dislike about Mend.io?**

Mend is investing heavily in updating their scanning to be simpler and easier to use, however the new scanning tool does not support all of our use cases yet and we have to use a multitude of scanning methods on the mend platform to meet our needs. For example the CLI tool does not support poetry for python yet. We often have to roll our own utilities to make Mend work nicely with our CI/CD tooling, such as creating our own clean up tools and pipes to process the scan results.

**What problems is Mend.io solving and how is that benefiting you?**

- Licensing compliance - ensuring we are not using libraries with licenses that are incompatible with how we are using the library
- Scanning for and reporting on the vulnerabilities in our libraries and containers to enable us to understand our exposure to threats and the risks on our business
- Understanding how up-to-date our libraries are. Old libraries are higher risk due to the risk of abandonware, and can have expensive upgrades (especially when dealing with zero-day vulnerabilities)

  ### 12. A Game-Changer in Open Source Software Security and Compliance Management

**Rating:** 4.5/5.0 stars

**Reviewed by:** Lital F. | Back End Developer, Enterprise (> 1000 emp.)

**Reviewed Date:** July 10, 2023

**What do you like best about Mend.io?**

Mend seamlessly integrates into any build process, regardless of programming languages, build tools, or development environments. This flexibility allows developers to incorporate Mend into their existing workflows without disruptions. In addition, Mend automatically detects and analyzes open source components used in projects, providing comprehensive vulnerability reports. This proactive approach helps identify and address potential security risks, ensuring software remains secure.
Mend offers in-depth insights into licenses and obligations associated with open source components. It helps developers manage license conflicts and ensure compliance with legal and regulatory requirements.

**What do you dislike about Mend.io?**

While Mend.io offers a comprehensive set of features, some users have mentioned that there can be a slight learning curve when initially getting familiar with the platform. However, this is often mitigated by the available documentation and support resources provided.
A few users have expressed that the user interface of Mend.io could be more intuitive and user-friendly. Streamlining the interface and enhancing the overall user experience could potentially be areas for improvement.

**What problems is Mend.io solving and how is that benefiting you?**

Mend.io primarily solves two critical problems for software developers: open-source software security and compliance management.

  ### 13. best SCA and SAST tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 27, 2023

**What do you like best about Mend.io?**

It is a great tool to scan our binaries, we have been using it for a while now and have liked the solution. It is good to have SBOM as a part of SCA scanning portal but I would like to see SAST also integrated there.

**What do you dislike about Mend.io?**

As of today, we do not see any major issues from Mend. One of the concerns we have is that recently the support team has not replied back to our tickets for weeks and we have had to escalate it via our partners to get it resolved.

**What problems is Mend.io solving and how is that benefiting you?**

Mend has helped us with a tool which has reduced our overhead as a DevOps team by integrating it into our CI/CD pipelines and increased our velocity. It has also helped us with a single point of presence for SBOMs.

  ### 14. Mend - Fixing What I Didn't Know Was Broken

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 06, 2023

**What do you like best about Mend.io?**

Using the CLI unified agent is a breeze and the syntax is easy to understand/follow. The web UI is not only easy on the eyes but the user experience makes it easy to find what you're looking for.

**What do you dislike about Mend.io?**

Currently, at least in my use of the product, there are two different portals depending on which product I'm using, SAST vs SCA, which is kind of awkward to bounce between.

**What problems is Mend.io solving and how is that benefiting you?**

Mend takes the reins on most of the heavy lifting around the Static Code Analysis needs, considering it is much quicker and more efficient at scanning the nearly 400,000 lines of code I'm throwing at it than I would be if doing it by hand like a caveman.

  ### 15. Keep your dependency up to date

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 30, 2023

**What do you like best about Mend.io?**

A unique feature that was offered by Mend Renovate for GitHub is the support for the Gradle version catalog. This is a very useful feature for a big mono repo, to keep your Java dependencies managed by Gradle up-to-date and vulnerability free.
In the middle of 2022 (when our organization was moved to GitHub), Gradle version catalog was not supported by GitHub Dependabot, so Mend Renovate was a natural choice for us.

**What do you dislike about Mend.io?**

As Mend Renovate for GitHub is a free tool, offered functionality is more than enough. A nice add-on would be integration with JIRA that allows tracking vulnerabilities with synchronization on both sides.

**What problems is Mend.io solving and how is that benefiting you?**

Mend Renovate for GitHub helps us keep our dependencies up to date, which causes fewer vulnerabilities in the final Product. The time required to update dependency was significantly decreased.

  ### 16. Great developers integration

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 13, 2023

**What do you like best about Mend.io?**

I like the developers integration kit - specifically the repo integration when I can see all my PR and decide on the action plan.

**What do you dislike about Mend.io?**

The first implementation was painful - it took a couple of days to fully complete the integration and needed to open support cases to make sure it is completed.

**What problems is Mend.io solving and how is that benefiting you?**

I am able to manage the risk in my code - it shows me the risk for each library and suggests how it can be resolved - super quick and helpful!

  ### 17. Gartner Review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mohd A. | Cloud Security Architect, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 25, 2023

**What do you like best about Mend.io?**

Scanning capabilities, scanning of open source and sending notifications

**What do you dislike about Mend.io?**

Reporting feature needs to have more user friendly reports

**What problems is Mend.io solving and how is that benefiting you?**

We use open source components and Mend is giving us good info about vulnerabilities.

  ### 18. Very helpful and supporting to Detect Open Source Vulnerabilities

**Rating:** 5.0/5.0 stars

**Reviewed by:** Dhananjay S. | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 12, 2023

**What do you like best about Mend.io?**

The quality report & recommendations.
User friendly Interface

**What do you dislike about Mend.io?**

Sometimes rigid process, difficulties in customization

**What problems is Mend.io solving and how is that benefiting you?**

Sharing OpenSource Licensing details to customers
Resolve security challenges due to older versions of OSS

  ### 19. Using Mend integration to Continuous Integration system

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** December 14, 2016

**What do you like best about Mend.io?**

The API, The Unified agent JAR and the service-oriented attitude from Mend engineering and success managers

**What do you dislike about Mend.io?**

Performance in huge projects (might be solved with workarounds).
The CLI is running as JAVA jar only.
The dashboard UX is bad. Really need to improve it

**What problems is Mend.io solving and how is that benefiting you?**

Keeps us and our customers safe from legal and security aspects

  ### 20. Industry Leading SCA Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Commercial Real Estate | Enterprise (> 1000 emp.)

**Reviewed Date:** July 18, 2023

**What do you like best about Mend.io?**

Streamlined approach to SCA makes integration easy and informative. New features being added that have incredible value for what you are paying.

**What do you dislike about Mend.io?**

It seems as though sometimes features are released without having much documentation published about it.

**What problems is Mend.io solving and how is that benefiting you?**

SBOM, SCA, Supply Chain Risk Management.

  ### 21. Easy integration with CI/CD and powerful shift-left approach

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mo F. | DevSecOps Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** November 26, 2022

**What do you like best about Mend.io?**

It makes it very easy to break down and analyze all the open source packages that are in client's code with reports and dashboards to easily identify Critical, Highs, Med and Low risks. I also like that it easily integrates with Github and Azure DevOps to the point that I don't have to login to another site or console and I can see issues right on my platform for tracking and remediation

**What do you dislike about Mend.io?**

The commonality with a lot of SAST tools is the amount of false positives.

**What problems is Mend.io solving and how is that benefiting you?**

Client developers need data to patch the applications right from the start and with Mend we can do pre-commit and PR triggers that fix before we are shipping to production for better security.

  ### 22. Saves time, faster, Amazing customer support

**Rating:** 4.5/5.0 stars

**Reviewed by:** Roshan K. | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 17, 2023

**What do you like best about Mend.io?**

Customer support.
Integration for other tools.

**What do you dislike about Mend.io?**

UI: Options on the UI are not handy or not much presentable.

**What problems is Mend.io solving and how is that benefiting you?**

Getting defined analysis for SCA and container scanning report helping me to keep track of vulnerability.

  ### 23. Best Open Source Analysis (OSA) at this moment.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sonal M. | Product Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 15, 2020

**What do you like best about Mend.io?**

Best Open Source analysis with their in-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alerts as well.
Pipeline integration of this tool is greatly helpful for the software which is shipped out securely & safely.
Also, WhiteSource is a software as a service (SaaS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.

**What do you dislike about Mend.io?**

No downside of using this software in OSA and DEVOPS Pipeline.
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA

**Recommendations to others considering Mend.io:**

Best valuation for the price point in the market right now, go for it.
Other open source tools are available, but they aggregate their data from open source websites such as the NVD or CVE websites. They are good to a certain extent; however, a paid product gives you more insight into multiple data sources for vulnerabilities, and their in-house research and development team also enhances their product to give you optimum use of WhiteSource.

**What problems is Mend.io solving and how is that benefiting you?**

Open source software, which is used in almost all software products, needs to be evaluated for vulnerabilities, and secure products should be shipped to market.
The JAR file which is their unified agent can easily be run in a Java-based environment on any base operating system.
There is no file which is being uploaded to WhiteSource; instead all your open source software's SHA1 values are being sent to WhiteSource securely and then WhiteSource does their analysis on their side.
WhiteSource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.

  ### 24. Makes easy to manage your 3rd party libraries

**Rating:** 4.0/5.0 stars

**Reviewed by:** Rajesh T. | Penetration Tester, Enterprise (> 1000 emp.)

**Reviewed Date:** April 12, 2023

**What do you like best about Mend.io?**

The scans are quick, and a detailed report is provided.
Easy to manage.

**What do you dislike about Mend.io?**

The dashboard/UI would be improved and made more user-friendly.

**What problems is Mend.io solving and how is that benefiting you?**

It helps us to scan the libraries before the release. Is also a part of CI/CD pipeline.

  ### 25. Easy to use and fast for getting results

**Rating:** 4.5/5.0 stars

**Reviewed by:** Behrooz K. | CTO, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 08, 2022

**What do you like best about Mend.io?**

Very easy to set up and make it work. Also very easy to modify the set up and add or remove new repos. I really like the fact that after each merge Mend automatically creates issues associated with each problematic dependency, and those are automatically closed if the issue is resolved.

**What do you dislike about Mend.io?**

So far there haven't been any areas that I disliked. I haven't dug deep into the documentation yet, but it was not immediately clear if Mend will automatically assess PRs before merging and add any comments to them.

**What problems is Mend.io solving and how is that benefiting you?**

The main area we use Mend for right now is analyzing vulnerabilities of the dependencies that we use. In our platform security is very important since we deal with sensitive customer information and their transactions data. We need to make sure the 3rd-party libraries that we use have no known vulnerabilities.

  ### 26. Industry-leading SCA, work in progress

**Rating:** 5.0/5.0 stars

**Reviewed by:** John C. | Information Security Architect, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 19, 2023

**What do you like best about Mend.io?**

Quick and accurate scanning, multiple plug-ins for various different build and ci/cd platforms. Prioritize, Whitesource for developers

**What do you dislike about Mend.io?**

Hard to get some features working like EUA, and integration with Jira was challenging.

**What problems is Mend.io solving and how is that benefiting you?**

Quick and accurate scanning, multiple plug-ins for various different build and ci/cd platforms. Prioritize, Whitesource for developers

  ### 27. Overall a good tool for your dev needs

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Human Resources | Enterprise (> 1000 emp.)

**Reviewed Date:** July 10, 2023

**What do you like best about Mend.io?**

comprehensive software composition analysis
provides in-depth visibility into open source components and their vulnerabilities, helping organizations proactively manage security risks.

**What do you dislike about Mend.io?**

Pricing structure can be quite complex, making it challenging to determine the most cost-effective plan for specific business needs.

**What problems is Mend.io solving and how is that benefiting you?**

Don't need to maintain security vulnerabilities myself, Mend.io helps me keep up to date.

  ### 28. Good tool but UI is clunky

**Rating:** 3.0/5.0 stars

**Reviewed by:** Abhishek K. | Development Architect, Enterprise (> 1000 emp.)

**Reviewed Date:** November 09, 2022

**What do you like best about Mend.io?**

The information about vulnerabilities is generally up to date.

**What do you dislike about Mend.io?**

The UI is very clunky. Doesn't integrate well into development workflow, as we need to come to this tool to audit the findings. Would be nice to have it as a GitHub plugin from where we can directly audit the findings.

**What problems is Mend.io solving and how is that benefiting you?**

The main challenge it solves is that it scans our dependencies for vulnerabilities.
Being integrated in our corporate toolchain means that we don't have to justify the value multiple times to stakeholders.

  ### 29. Mend makes security issue fixing and reporting really simple.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** January 13, 2023

**What do you like best about Mend.io?**

Mend's integration with source control systems and IDEs is simply outstanding.

**What do you dislike about Mend.io?**

Nothing I dislike as of now. But I wish mend had a chat feature or something for quick resolution of small issues without needing to open support cases.

**What problems is Mend.io solving and how is that benefiting you?**

Mend is simplifying the whole process of addressing security issues and helps us generate reports to present to our customers on how secure our applications are.

  ### 30. Great Tool for Managing 3rd party libraries

**Rating:** 4.5/5.0 stars

**Reviewed by:** Johannes B. | CTO, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 13, 2022

**What do you like best about Mend.io?**

Mend eases the process of keeping track of all the used 3rd party dependencies within a product. It not only scans for the pure occurrence (also transitively) but takes also care of license and vulnerabilities.

**What do you dislike about Mend.io?**

In the beginning, it is a steep learning curve to configure the tool and integrate it into custom pipelines. With the help of a success manager, this also works out. Since the usage of Renovate, we have up-to-date libraries across all our projects, but not all versions are known immediately by the dashboard.

**What problems is Mend.io solving and how is that benefiting you?**

Mend helps you to track which libraries are used within a piece of software. It keeps track of the vulnerabilities and also keeps track of the license. With single clicks, you can generate the necessary license overview and ensure the vulnerability state of your application.

  ### 31. Great platform and team is always working on improving the product

**Rating:** 5.0/5.0 stars

**Reviewed by:** rahul s. | a, Enterprise (> 1000 emp.)

**Reviewed Date:** August 29, 2022

**What do you like best about Mend.io?**

Overall I feel that Mend is a good platform and what I love most is that they are always working on continued improvements.
Moreover features like prioritize etc make it the best

**What do you dislike about Mend.io?**

Frankly, it's a good tool. Still, if I have to list the cons, I would say .so, .a file types support should be added. Also, prioritize should include support for more and more package managers.

**What problems is Mend.io solving and how is that benefiting you?**

All our deployment compliance, license violation issues, library management, vulnerability management, in-house patterns/libraries and policy violations are trusted to Mend.

  ### 32. Better code.

**Rating:** 4.0/5.0 stars

**Reviewed by:** louay n. | DevOps engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 26, 2022

**What do you like best about Mend.io?**

Scanning for the vulnerabilities is always updated and the research team is doing an amazing job keeping everything up-to-date and not missing any vulnerability.

**What do you dislike about Mend.io?**

I feel that the dashboard's UI can look nicer and more readable, e.g. better views, more modern design, easier access to products and related projects with a tree view.

**What problems is Mend.io solving and how is that benefiting you?**

Security vulnerabilities, avoiding/fixing them to get a more secure product that satisfies the higher-ups and the clients together which increased the business performance

  ### 33. Fast and Reliable

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Automotive | Enterprise (> 1000 emp.)

**Reviewed Date:** December 21, 2022

**What do you like best about Mend.io?**

IntelliJ Plugin - The analysis is really quick

**What do you dislike about Mend.io?**

Viewing the report. I feel overwhelmed when I log in to Mend. The landing page should just contain the project I'm interested in and the related reports. Similar to tools like Fortify and Sonar.

**What problems is Mend.io solving and how is that benefiting you?**

Helping our product to stay compliant by analyzing and reporting the security vulnerabilities in time.

  ### 34. Rocky Implementation with Reliable Vulnerability Management

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Accounting | Enterprise (> 1000 emp.)

**Reviewed Date:** August 26, 2022

**What do you like best about Mend.io?**

Mend has timely support through their portal and sales rep which has been very helpful. Their newest documentation is overhauled which is a huge plus compared to their previous WhiteSource documentation. Their vulnerability management has timely alerts, a wealth of information on findings and integrations.

**What do you dislike about Mend.io?**

Implementation was challenging even with technical support. We were unable to effectively get the unified agent configuration working even though we had this 5 months prior in a POC. We opted to go for Azure integration which worked easily out of the box (a plus) but is a bit limited in scope for how we handled effective vulnerabilities. 

Reporting is lacking especially when using the tool as a compliance/inventory management process. Risk acceptance lasts indefinitely rather than a threshold e.g. 90 days / 360 days.

**What problems is Mend.io solving and how is that benefiting you?**

We primarily use Mend for automated static code analysis of our open-source development projects. The product solves our vulnerability management gap with open-source solutions and is used to solve as a list of approved libraries.

  ### 35. A very promising security product and business line

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 25, 2022

**What do you like best about Mend.io?**

The simplicity of scanning
The simplicity of the GUI and able to drill down into where exactly a particular library is fetched from
Ability to download reports and more meaningful reports as compared to other products (Snyk, CodeClimate)

**What do you dislike about Mend.io?**

The complexity in scanning different technologies and educating developers how to scan their code and read their dashboards
Sometimes, downstream dependencies are displayed (false positives), it is extremely hard for engineers to figure out the tree maps and fix the problematic lines of code
The "Requires Review" section is very wide and demands the review and sign off from different departments like developer+devops+Management. But the GUI does not support this in a user friendly way.
When we mark a library "in-house" or try to "whitelist it" it becomes permanently marked as such instead of allowing us to revisit it.

**What problems is Mend.io solving and how is that benefiting you?**

The problem of knowing what are the OSS bundled into our source code
Developers urgently reference libraries to develop features without much focus on static application security, as admins we are able to capture those early in SDLC

  ### 36. SAST SCA scanning in good budget

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Security and Investigations | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 08, 2022

**What do you like best about Mend.io?**

The scan results are pretty accurate and explained in a very good way. We can raise issues on their support portal which is providing responses to our cases in a quick time.

**What do you dislike about Mend.io?**

They are yet to merge their SAST and SCA portals which is important.
Their support is missing a chat feature which is important in case of urgent issues.
Documentation should be improved.

**What problems is Mend.io solving and how is that benefiting you?**

Mend is scanning our source code as well as the libraries and providing us the list of vulnerabilities present in our source code or libraries where we need to improve and produce a better product.

  ### 37. Make it easy for your development team to address open source risk

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Utilities | Enterprise (> 1000 emp.)

**Reviewed Date:** October 28, 2022

**What do you like best about Mend.io?**

Mend is a very intuitive tool that has integrations with many typical pipelines and repos. We have found it to be very good at identifying vulnerable components with a low false positive rate. It provides good recommendations for the best fix version of a library.

**What do you dislike about Mend.io?**

Mend is starting to build out full support for exporting results in standard SBOM formats, but generating these outputs currently requires running separate Python scripts.

**What problems is Mend.io solving and how is that benefiting you?**

Mend is used to address open source risk by evaluating for vulnerabilities, license risk, and code quality. It supports the enforcement of policies.

  ### 38. Mend : A Useful Dependency Management Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Aditya G. | Associate Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** July 13, 2022

**What do you like best about Mend.io?**

Scanning the Dependencies in the Project for Vulnerabilities is a really efficient feature. It keeps track of various dependencies across repositories and also suggests the upgraded version for dependencies to fix the Vulnerabilities. Integration with Gitlab Runners and CI/CD Pipelines has made the process seamless.

**What do you dislike about Mend.io?**

It sometimes shows invalid vulnerabilities, even when the Dependency version has been upgraded.

Integration and Setup for a complex project and multiple subprojects with Gitlab Repository isn't simple and could be tedious.

**What problems is Mend.io solving and how is that benefiting you?**

It's helpful in keeping track of the versions of various dependencies and libraries being used. It's really beneficial in keeping the applications secure from vulnerabilities.

  ### 39. Secure your projects with Mend

**Rating:** 4.5/5.0 stars

**Reviewed by:** Meer T. | S, Small-Business (50 or fewer emp.)

**Reviewed Date:** July 25, 2022

**What do you like best about Mend.io?**

The best thing is the security and easy to use. The mend bot offers couple of qualities to protect your projects against several security protocols warnings. It is very helpful.

**What do you dislike about Mend.io?**

To be honest there's only one thing which I dislike about this great bot is limitation of free account, you will only get limited scans for free account which needs to be increased.

**What problems is Mend.io solving and how is that benefiting you?**

Mend bot is very intelligent and it helped me with all dependencies and unknown random files issues and gave me overall issue report to customize the threat. Very useful.

  ### 40. Good

**Rating:** 3.5/5.0 stars

**Reviewed by:** Amit K. | Security Analyst, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 29, 2022

**What do you like best about Mend.io?**

For Commerical Use Helpful this is the Best But Some Slow Conditions is that

**What do you dislike about Mend.io?**

nothing this is the Best But Some Slow Conditions is that

**What problems is Mend.io solving and how is that benefiting you?**

Slow

  ### 41. Effective and easy to use OSS scanning

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 12, 2022

**What do you like best about Mend.io?**

Scanning is simple with an easy-to-use agent.
Reports are easy to read providing useful insight.

**What do you dislike about Mend.io?**

The Mend Portal can be slow on occasion.
Some parts of the interface are not as intuitive as they could be.

**What problems is Mend.io solving and how is that benefiting you?**

I have some maven based build issues. Mend Support is providing effective and swift guidance on how to solve these issues.

  ### 42. modern UI

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Internet | Enterprise (> 1000 emp.)

**Reviewed Date:** September 01, 2020

**What do you like best about Mend.io?**

modern and familiar UI, easy to use and comfortable

**What do you dislike about Mend.io?**

structure of pages are not easy to understand

**What problems is Mend.io solving and how is that benefiting you?**

detect company's license policy violations and solve them

  ### 43. Good tool for SCA

**Rating:** 3.0/5.0 stars

**Reviewed by:** Mohit P. | DevSecOps Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 06, 2022

**What do you like best about Mend.io?**

1. Seamless integration with SCM.
2. License management for open source repositories.

**What do you dislike about Mend.io?**

It would be great if an auto dependency resolution/management is provided for any finding.

**What problems is Mend.io solving and how is that benefiting you?**

Implementing shift left strategy

  ### 44. Renovate is great

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 11, 2022

**What do you like best about Mend.io?**

I enjoy how quickly PRs are opened so I can always have my dependencies up to date. The PRs are informative and using checkboxes for UI is much better than commands.

**What do you dislike about Mend.io?**

There isn't much to dislike, the configuration file allows me to control pretty much everything I could want to. If I had to make one complaint it's that the config file has to be in the root of the repo. It would be nice if I could hide it away in a .github directory or perhaps a .whitesource directory which could also hold my bolt config file.

**What problems is Mend.io solving and how is that benefiting you?**

Using whitesource bolt and renovate, I'm able to keep my dependencies updated and safe. I no longer have to worry about managing my dependencies by hand or by relying on GitHub's automated tools which might miss something.

  ### 45. Whitesource Renovate is solid

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Education Management | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 31, 2022

**What do you like best about Mend.io?**

I set up whitesource renovate to help keep our dependencies up to date. Since doing that we have slowly but surely updated all of our dependencies without spending much developer time.

**What do you dislike about Mend.io?**

The downside is that renovate is a bit slow to rerun after you've made a change. For the most part it's fine but when you're getting started and have lots to update it can feel slow.

**What problems is Mend.io solving and how is that benefiting you?**

Keeping my dependencies up to date for a modern python project that's using poetry and docker.

  ### 46. Excellent tools

**Rating:** 5.0/5.0 stars

**Reviewed by:** Gabriel P. | Senior React Developer, Small-Business (50 or fewer emp.)

**Reviewed Date:** December 30, 2021

**What do you like best about Mend.io?**

I mostly use Renovate, and the difference between its competitors is enormous.
Monorepos updates, dependencies dashboard and its response time are what I like the most.

**What do you dislike about Mend.io?**

Sincerely I cannot think of anything that I dislike.
The only improvement I would like is a deeper GitHub integration like they have with Dependabot, but I recognize that it's an effort from both sides.

**What problems is Mend.io solving and how is that benefiting you?**

My repositories are always updated with the latest dependency versions with minimal effort, which saves a huge amount of time. I'm definitely more productive by using it!

  ### 47. Easy to use dependency management

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Automotive | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 30, 2021

**What do you like best about Mend.io?**

We are using WhiteSource's Renovate Bot. It quickly integrates into GitHub Actions, supports private npm registries, and allows grouping of packages which is fantastic if you use TypeScript (you can set up renovate to create one PR for @types package and the related package itself).

**What do you dislike about Mend.io?**

Right now, there is nothing we dislike about Renovate. It does its job, provides a great developer experience, and makes updating internal core packages more effortless than ever before.

**What problems is Mend.io solving and how is that benefiting you?**

We are using centralized packages for linting, components, etc. Renovate makes it easier to ensure that every project uses the latest version of those packages as it automatically creates the update PRs.

  ### 48. Great bot to keep the app vulnerability free.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Prateek C. | Software Development Engineer In Test (SDET) [Infosys] , Small-Business (50 or fewer emp.)

**Reviewed Date:** September 25, 2021

**What do you like best about Mend.io?**

Great app to keep the app vulnerability free as you don't need to worry about upgrading tons of packages in your multiple projects anymore. It does the tedious manual job for you.

**What do you dislike about Mend.io?**

I've been using renovate for a while now. Don't really know if there's a way to exclude a specific package from upgrading.

**Recommendations to others considering Mend.io:**

Really easy setup. Smooth integration with git. Keeps your app vulnerability free. Just give it a try. I'm sure you'll find it useful.

**What problems is Mend.io solving and how is that benefiting you?**

Using Renovate bot to upgrade the dependencies automatically. Biggest benefit is that it keeps the dependencies up to date which helps keeping the app vulnerability free.

  ### 49. Great tools to help stay on top of the security and updates.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sameer P. | Tech Co-Founder, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 03, 2022

**What do you like best about Mend.io?**

I like how easy it is to get started and running. The security updates that it provides are valuable for the team and help us move forward quickly.

**What do you dislike about Mend.io?**

It's hard to setup with private python repo, we had to fork and then use our custom images in the docker to make the renovatebot working on private repos.

**What problems is Mend.io solving and how is that benefiting you?**

We are solving the updates on the dependencies and also staying on top of the OSS security updates.

  ### 50. The overall language is amazing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Daniel N. | IT-Operations Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 19, 2021

**What do you like best about Mend.io?**

WhiteSource finds dependencies in all our configs, even in those used for pipelines like circle ci.

**What do you dislike about Mend.io?**

There are no changelogs for Docker containers. If this information is available, it would be helpful to include it in the PRs. A focus on CVEs would also be interesting.

**Recommendations to others considering Mend.io:**

It's easy to use and I can't think of a project that doesn't benefit from using WhiteSource software.

**What problems is Mend.io solving and how is that benefiting you?**

We currently use the WhiteSource bot to keep our Github repos up to date. The bot helps us keep all dependencies up to date.


## Mend.io Discussions
  - [Does the above pricing include all vulnerabilities sources?](https://www.g2.com/discussions/do-you-offer-an-on-premise-option) - 1 comment, 1 upvote
  - [What languages and platforms does your solution support?](https://www.g2.com/discussions/is-my-code-secure-with-your-cloud-based-service) - 1 comment, 1 upvote
  - [Why are you pricing per contributing developers?](https://www.g2.com/discussions/i-can-t-find-a-plugin-for-my-build-tool-server-does-that-mean-you-cannot-support) - 1 comment, 1 upvote
  - [Do you offer an on-premise option?](https://www.g2.com/discussions/does-whitesource-work-with-all-languages-and-build-tools) - 1 comment, 1 upvote
  - [What is a contributing developer?](https://www.g2.com/discussions/3104-how-does-whitesource-work) - 1 comment, 1 upvote


## Mend.io Features
**Administration**
- API / Integrations
- Extensibility

**Administration**
- Risk Scoring
- Security Auditing
- Configuration Management

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Security**
- Malicious Code
- Security Risks

**Risk management - Application Security Posture Management (ASPM)**
- Vulnerability Management
- Risk Assessment and Prioritization
- Compliance Management
- Policy Enforcement

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Network**
- Compliance Testing
- Configuration Monitoring

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Tracking**
- Bill of Materials
- Audit Trails
- Monitoring

**Integration and efficiency - Application Security Posture Management (ASPM)**
- Integration with Development Tools
- Automation and Efficiency

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

**Security**
- Security Auditing

**Testing**
- Command-Line Tools
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Protection**
- Dynamic Image Scanning

**Application**
- Static Code Analysis
- Black Box Testing

**Reporting and Analytics - Application Security Posture Management (ASPM)**
- Trend Analysis
- Risk Scoring
- Customizable Dashboards

**Policy Enforcement and Compliance - AI Security Solutions**
- Scalable Governance
- Shadow AI
- Policy‑as‑Code for AI Assets

**Identity**
- SSO
- Governance
- User Analytics

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

**Agentic AI - Application Security Posture Management (ASPM)**
- Autonomous Task Execution
- Multi-step Planning

## Top Mend.io Alternatives
  - [Snyk](https://www.g2.com/products/snyk/reviews) - 4.5/5.0 (132 reviews)
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (140 reviews)
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,281 reviews)

