External reviews
109 reviews
External reviews are not included in the AWS star rating for the product.
Effective and easy to use OSS scanning
What do you like best about the product?
Scanning is simple with an easy-to-use agent.
Reports are easy to read providing useful insight.
What do you dislike about the product?
The Mend Portal can be slow on occasion.
Some parts of the interface are not as intuitive as they could be.
What problems is the product solving and how is that benefiting you?
I have some Maven-based build issues. Mend Support is providing effective and swift guidance on how to solve these issues.
Easy to use and fast for getting results
What do you like best about the product?
Very easy to set up and make it work. Also very easy to modify the set up and add or remove new repos. I really like the fact that after each merge Mend automatically creates issues associated with each problematic dependency, and those are automatically closed if the issue is resolved.
What do you dislike about the product?
So far there haven't been any areas that I disliked. I haven't dug deep into the documentation yet, but it was not immediately clear if Mend will automatically assess PRs before merging and add any comments to them.
What problems is the product solving and how is that benefiting you?
The main area we use Mend for right now is analyzing vulnerabilities of the dependencies that we use. In our platform security is very important since we deal with sensitive customer information and their transactions data. We need to make sure the 3rd-party libraries that we use have no known vulnerabilities.
A very promising security product and business line
What do you like best about the product?
The simplicity of scanning
The simplicity of the GUI and being able to drill down into where exactly a particular library is fetched from
Ability to download reports and more meaningful reports as compared to other products (Snyk, CodeClimate)
What do you dislike about the product?
The complexity in scanning different technologies and educating developers how to scan their code and read their dashboards
Sometimes, downstream dependencies are displayed (false positives); it is extremely hard for engineers to figure out the tree maps and fix the problematic lines of code
The "Requires Review" section is very wide and demands the review and sign-off from different departments like developer+devops+Management. But the GUI does not support this in a user-friendly way.
When we mark a library "in-house" or try to "whitelist it" it becomes permanently marked as such instead of allowing us to revisit it.
What problems is the product solving and how is that benefiting you?
The problem of knowing what are the OSS bundled into our source code
Developers urgently reference libraries to develop features without much focus on static application security, as admins we are able to capture those early in SDLC
Secure your projects with Mend
What do you like best about the product?
The best thing is the security and ease of use. The Mend bot offers a couple of qualities to protect your projects against several security protocols warnings. It is very helpful.
What do you dislike about the product?
To be honest, there's only one thing which I dislike about this great bot: the limitation of the free account. You will only get limited scans for a free account, which needs to be increased.
What problems is the product solving and how is that benefiting you?
Mend bot is very intelligent and it helped me with all dependencies and unknown random files issues and gave me an overall issue report to customize the threat. Very useful.
Great Tool for Managing 3rd party libraries
What do you like best about the product?
Mend eases the process of keeping track of all the used 3rd party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of license and vulnerabilities.
What do you dislike about the product?
In the beginning, it is a steep learning curve to configure the tool and integrate it into custom pipelines. With the help of a success manager, this also works out. Since the usage of Renovate, we have up-to-date libraries across all our projects, but not all versions are known immediately by the dashboard.
What problems is the product solving and how is that benefiting you?
Mend helps you to track which libraries are used within a piece of software. It keeps track of the vulnerabilities and also keeps track of the license. With single clicks, you can generate the necessary license overview and ensure the vulnerability state of your application.
Whitesource Renovate is solid
What do you like best about the product?
I set up WhiteSource Renovate to help keep our dependencies up to date. Since doing that we have slowly but surely updated all of our dependencies without spending much developer time.
What do you dislike about the product?
The downside is that Renovate is a bit slow to rerun after you've made a change. For the most part it's fine but when you're getting started and have lots to update it can feel slow.
What problems is the product solving and how is that benefiting you?
Keeping my dependencies up to date for a modern Python project that's using Poetry and Docker.
Whitesource
What do you like best about the product?
Interface and flow of the application. Also the simplicity.
What do you dislike about the product?
No specific thing that I would dislike
What problems is the product solving and how is that benefiting you?
Business needs, and mostly it's in trial phase so not enough data for now
Renovate bot works nicely
What do you like best about the product?
The automation of the process of updating
What do you dislike about the product?
The initial setup. Going through a quick wizard would reduce friction of understanding the config options
What problems is the product solving and how is that benefiting you?
Saving time in keeping my software up to date. Much less manual work
First steps with Renovate and Terraform
What do you like best about the product?
It works with a bare minimum of configuration
What do you dislike about the product?
It took me quite a while to find out what that bare minimum was although there is documentation available.
What problems is the product solving and how is that benefiting you?
Find out when you run behind using certain versions of Terraform modules
Extremely Flexible Dependency Update Manager
What do you like best about the product?
They had an option for nearly every configuration I wanted.
What do you dislike about the product?
Renovate really taxes my build system credits since there are so many PRs. There's an option to group PRs, but then if they fail CI I have to figure out which dependency caused the failure manually. Ideally, it would group dependency updates but then do a binary search to find the update that broke the build (similar to bors for regular PRs, but I can't use bors to solve dependency problems because automerge will always fail due to conflicts in lockfiles).
What problems is the product solving and how is that benefiting you?
Trying to regularly update my dependencies to get ahead of security vulnerabilities and prevent dependency ossification.