Checkmarx One and Mend.io compete in the application security space, focusing on code analysis and vulnerability management. Checkmarx One seems to have the upper hand with its thorough code analysis and pinpointing abilities that aid in precise remediation.
Features: Checkmarx One provides detailed code analysis without requiring code compilation, supports a wide array of programming languages, and integrates seamlessly with various repositories enhancing vulnerability identification. Mend.io includes features like extensive open-source licensing analysis, vulnerability alerts, and policy automation, making it effective in managing third-party dependencies and open-source components.
Room for Improvement: Checkmarx One needs to reduce false positives, expand language support for newer languages like Swift, and address flexibility issues in its licensing model. Mend.io should improve support for diverse package managers, enhance the user interface for navigation, and offer quicker updates and more comprehensive alert management.
Ease of Deployment and Customer Service: Checkmarx One supports deployment across various environments like on-premises and cloud solutions, offering flexibility for enterprises but may require persistent follow-ups for customer support. Mend.io, mainly cloud-based, offers easy setup and quick startup, with customer service praised for quick resolutions.
Pricing and ROI: Checkmarx One is priced higher due to its comprehensive features but has a complex cost structure with potential hidden costs. It delivers good ROI with enhanced security benefits. Mend.io offers a flexible pricing model tailored to organizational needs, though initial costs can be high. It provides good ROI by reducing time to production and improving security practices.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
The organization decided to consolidate tools and chose Snyk since it provides multiple functionalities in one solution.
The cost of Mend.io is competitive, being quite low compared to others.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
We find it 100% accurate in detecting vulnerabilities.
It handles Application Security, performing SCA SAST and container scanning.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
