Mend is one of the good tools, and we can use the tool for SCA, SAST and container scans, and the results are good compared to other tools. Review collected by and hosted on G2.com.
More false positives, difficult integration, lots of issues with scanner updates and configuration.
111 out of 112 Total Reviews for Mend.io


I really like the ability to integrate the tooling directly into our source code repository. This allows us to scan hundreds of repositories without needing to configure each of them separately. Onboarding is simple and the updated user interface is attractive and easy to use.
SAST capabilities are new and still maturing. Documentation is good, but could use some improvement.
The most helpful feature in Mend.io is the Prioritize feature. It is a fast scan that checks if a vulnerability is reachable by your code. So you can fix the vulnerabilities that truly affect your application.
I miss some kind of PoC for the CVEs that Mend identifies. Sometimes it's hard to verify if the vulnerability is a true positive.

One of the strengths of Mend.io lies in the simplicity of integrating their unified agent into our Continuous Integration pipeline. This streamlined process, with its commendable support system and verbose documentation, has reduced setup times. We're now efficiently detecting open-source license violations. Coupled with the integration with JIRA, it ensures that open vulnerabilities are promptly and systematically recorded, streamlining our response and tracking processes.
While the platform functions efficiently, there's scope for modernising the user interface. It would be beneficial to see Mend.io adopt a more contemporary design. However, it's worth noting that this aesthetic aspect doesn't detract from the product's overall usability.
Its scanning capabilities are more than useful. CSM and support teams are really helpful and reactive.
Its integration with on-premise tools can be challenging.
It is easy to navigate and to find vulnerabilities and violations.
I know there is a newer version coming, but it could have a bit more functionality.
Mend has several strengths. First, the company behind it is relatively transparent, helpful, and straightforward. I appreciated that they didn't oversell the product the way several competitors did. The software integrates nicely with Microsoft development tools. Customer support is good and responsive as well.
This isn't really a knock, but as a point in time, they are integrating the SCA and the, I think, acquired SAST solutions together into a common platform. Obviously, that's a large effort, and once that is done, it will be even better.

Mend supports source code library scans, container scans and also checks licenses used by our apps and services to ensure we are meeting our security, compliance and licensing requirements. We would have to use multiple platforms to achieve this.
Mend is investing heavily in updating their scanning to be simpler and easier to use; however, the new scanning tool does not support all of our use cases yet and we have to use a multitude of scanning methods on the Mend platform to meet our needs. For example, the CLI tool does not support Poetry for Python yet. We often have to roll our own utilities to make Mend work nicely with our CI/CD tooling, such as creating our own cleanup tools and pipes to process the scan results.