Mend.io and Black Duck compete in open-source dependency management. Mend.io stands out for its user-friendly interface and automated remediation, while Black Duck excels with detailed compliance reporting and policy management.
Features: Mend.io offers automated identification and remediation, Smart Fix for vulnerabilities, and seamless CI/CD integration. Black Duck provides robust binary analysis, extensive policy management, and detailed licensing compliance reports supporting multiple platforms.
Room for Improvement: Mend.io needs to expand language support and enhance UI navigation. It could also improve policy configuration and report customization. Black Duck requires better pricing flexibility, clearer documentation, and faster vulnerability scanning. It also needs better integration with tools like Coverity and dynamic analysis enhancements.
Ease of Deployment and Customer Service: Mend.io offers flexible deployment options like public and hybrid cloud and has highly rated customer service. Black Duck provides cloud and on-premises deployments catering to privacy needs, with reliable but sometimes lacking support in complex deployments.
Pricing and ROI: Mend.io is cost-effective with competitive pricing and strong ROI through automation. Its pricing is accessible for efficient vulnerability management. Black Duck, though feature-rich, has higher pricing impacting smaller organizations. It delivers ROI mainly through compliance management, but its cost-benefit ratio is a concern for some users.
If you're using it on critical external programs where there is regulatory compliance on ensuring that the source code is clean from open-source, there's substantial ROI.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
There are some pain points with the response time and first-level support quality.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
I would rate the scalability of Black Duck 8 or 9.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
It can improve on the security side of it, specifically vulnerabilities identification.
Black Duck does not have the SBOM management part.
There are areas for improvement such as false positives and the scanning of containers.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
The cost of Mend.io is competitive, being quite low compared to others.
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
The software composition analysis is most effective for security risk management.
We find it 100% accurate in detecting vulnerabilities.
It handles Application Security, performing SCA SAST and container scanning.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis, effective vulnerability scanning, and a comprehensive knowledge base are some of its valuable features. Despite needing improvements in scanning speed, UI, and documentation, Black Duck remains crucial for ensuring open-source security and compliance.
What are Black Duck's most important features?
What benefits or ROI should users look for in reviews?
Black Duck is implemented by industries ranging from finance to healthcare, addressing security and compliance in open-source usage. Financial institutions employ it to manage license risks and ensure audit readiness. Healthcare organizations use it to comply with stringent data protection regulations, ensuring patient data security and privacy. Tech companies integrate Black Duck within CI/CD pipelines to maintain the security and compliance of software products before release. Its deployment varies, tailored to meet the specific risk management and compliance needs dictated by each sector's regulatory environment.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
