Klocwork and Mend.io are both prominent in static code analysis and security testing. Mend.io seems to have the upper hand due to its automation and expansive vulnerability database, offering greater efficiency, especially in large-scale projects.
Features: Klocwork provides effective analysis for code quality, bug detection, and vulnerability identification across a wide range of programming languages. Mend.io offers comprehensive vulnerability scanning, an auto-remediation feature, and robust automation, facilitating efficient security management.
Room for Improvement: Klocwork could enhance its documentation and support for advanced features. Improving the user interface and expanding integration capabilities with third-party tools would be beneficial. Mend.io could focus on boosting scan speeds and reducing false positives. Streamlining its setup process can enhance user experience.
Ease of Deployment and Customer Service: Klocwork is known for straightforward deployment and reliable customer support, quickly resolving user queries. Mend.io provides flexible deployment but may require more setup time. Users find Mend.io responsive to customer service requests, making it a valuable tool for those needing immediate support.
Pricing and ROI: Klocwork offers competitive pricing, delivering substantial ROI in complex environments. Mend.io, while more expensive, offers significant ROI through enhanced security and automation. Its extensive database often justifies the cost for larger enterprises.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
Mend.io has provided a good return on investment by significantly reducing vulnerabilities.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
They prioritize providing the best experience to large organizations like ours, belonging to the Fortune 100.
Mend.io provides pretty good support.
I have noticed that the speed to respond has decreased over time.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
Installation is easy, and the solution is stable.
Mend.io is very stable; we did not have any issues.
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
There are too many warnings, and it requires expertise to determine the correct category for them.
That's not a limitation of Mend.io; I think that's a general problem with any tool in the market because no tool in the market will actually know what portion of the code I'm actually using from that particular library if it is vulnerable or not.
I strongly recommend that they start working with AI for the reporting part.
The actual challenge is how easy it is to integrate it in the early phase of the software development life cycle.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
The cost of Mend.io is competitive, being quite low compared to others.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
We find it 100% accurate in detecting vulnerabilities.
Mend.io's reporting tools are beneficial for my use case; from a UI perspective and generation of reports, including the SBOM, it has the flexibility and is easy to generate and share with the developer teams.
Mend.io is very efficient, highly efficient, and it is the best scanning tool for SCA.
| Product | Market Share (%) |
|---|---|
| Klocwork | 1.4% |
| Mend.io | 2.8% |
| Other | 95.8% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 10 |
| Midsize Enterprise | 3 |
| Large Enterprise | 20 |
Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
Mend.io Features
Mend.io has many valuable key features. Some of the most useful ones include:
Mend.io Benefits
There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.
Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”
PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”
An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”
Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
