Pros & Cons summary

Prominent pros & cons

PROS

Mend.io enables scanning and collecting third-party libraries, classifying license types, and ensuring third-party software policy compliance.
Its reporting capabilities allow generating open-source license reports with all copyright and license information, including dependencies, in a single click.
Mend.io offers fix suggestions for vulnerabilities, providing specific traces and the best remediation paths.
It features robust inventory management and identification of security vulnerabilities, enhancing overall business security.
Mend.io is easy to set up, making integration and scanning quick and convenient, with seamless CI/CD integration through platforms like Azure.

CONS

Needs better ACL and more role definitions to support large organizations effectively.
Mend.io's functionality could be expanded to include static and dynamic code analysis.
Integration with DevOps tools is complicated, and a lack of preconfigured policy templates results in tedious manual configurations.
Scanning container images and layers needs improvement, along with enhanced identification of library locations in the source code.
The current support for package managers is limited, requiring faster updates when needed.
 

Mend.io Pros review quotes

meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Dec 17, 2025
Once we onboarded to Mend.io, we saw a drastic improvement in the way Mend.io reported the SCA findings.
reviewer1252050 - PeerSpot reviewer
VP at a tech vendor with 5,001-10,000 employees
Oct 27, 2025
The features I find most valuable in Mend.io are the ease of use; it is very easy to access and integrate.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Nov 28, 2024
Mend.io is very robust in terms of managing third-party dependencies.
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,221 professionals have used our research since 2012.
SR
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
Mend.io is a security tool that provides security feedback for all tests.
SM
Product Security Architect at Pitney Bowes Inc.
Sep 26, 2023
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions.
reviewer1928817 - PeerSpot reviewer
Sr. Manager at a financial services firm with 10,001+ employees
Jul 31, 2022
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.
Jeffrey Harker - PeerSpot reviewer
System Manager of Cloud Engineering at Common Spirit
May 12, 2022
We set the solution up and enabled it and we had everything running pretty quickly.
reviewer2165991 - PeerSpot reviewer
Release Manager at a tech vendor with 501-1,000 employees
Apr 23, 2023
What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.
KW
Principal Security Engineer at Texthelp Ltd.
Jan 10, 2023
There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.
reviewer1915362 - PeerSpot reviewer
IT Service Manager at a wholesaler/distributor with 51-200 employees
Jul 17, 2022
I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.
 

Mend.io Cons review quotes

meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Dec 17, 2025
We wanted to have certain reports based on our kind of scenario, but the tool did not allow us to create custom reports.
reviewer1252050 - PeerSpot reviewer
VP at a tech vendor with 5,001-10,000 employees
Oct 27, 2025
The tools need to bring down the pricing because software in SaaS or on-prem is becoming a more expensive affair.
meetharoon - PeerSpot reviewer
CEO at a computer software company with 10,001+ employees
Nov 28, 2024
AI integration in code security tools like Mend.io is still in its early stages and relatively immature.
SR
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
The main consideration is the cost. The products always have their maturity.
SM
Product Security Architect at Pitney Bowes Inc.
Sep 26, 2023
I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant.
reviewer1928817 - PeerSpot reviewer
Sr. Manager at a financial services firm with 10,001+ employees
Jul 31, 2022
Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.
Jeffrey Harker - PeerSpot reviewer
System Manager of Cloud Engineering at Common Spirit
May 12, 2022
At times, the latency of getting items out of the findings after they're remediated is higher than it should be.
reviewer2165991 - PeerSpot reviewer
Release Manager at a tech vendor with 501-1,000 employees
Apr 23, 2023
On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization.
KW
Principal Security Engineer at Texthelp Ltd.
Jan 10, 2023
Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.
reviewer1915362 - PeerSpot reviewer
IT Service Manager at a wholesaler/distributor with 51-200 employees
Jul 17, 2022
We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap.