
Mend AppSec Platform

Mend.io | 1

Reviews from AWS customer

0 AWS reviews
  • 5 star: 0
  • 4 star: 0
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

External reviews

110 reviews

External reviews are not included in the AWS star rating for the product.


    Abhishek K.

Good tool but UI is clunky

  • November 09, 2022
  • Review provided by G2

What do you like best about the product?
The information about vulnerabilities is generally up to date.
What do you dislike about the product?
The UI is very clunky. Doesn't integrate well into development workflow, as we need to come to this tool to audit the findings. Would be nice to have it as a GitHub plugin from where we can directly audit the findings.
What problems is the product solving and how is that benefiting you?
The main challenge it solves is that it scans our dependencies for vulnerabilities.
Being integrated in our corporate toolchain means that we don't have to justify the value multiple times to stakeholders.


    Utilities

Make it easy for your development team to address open source risk

  • October 28, 2022
  • Review provided by G2

What do you like best about the product?
Mend is a very intuitive tool that has integrations with many typical pipelines and repos. We have found it to be very good at identifying vulnerable components with a low false positive rate. It provides good recommendations for the best fix version of a library.
What do you dislike about the product?
Mend is starting to build out full support for exporting results in standard SBOM formats, but generating these outputs currently requires running separate Python scripts.
What problems is the product solving and how is that benefiting you?
Mend is used to address open source risk by evaluating for vulnerabilities, license risk, and code quality. It supports the enforcement of policies.


    Mohit P.

Good tool for SCA

  • October 06, 2022
  • Review provided by G2

What do you like best about the product?
1. Seamless integration with SCM.
2. License management for open source repositories.
What do you dislike about the product?
It would be great if an auto dependency resolution/management is provided for any finding.
What problems is the product solving and how is that benefiting you?
Implementing shift left strategy


    louay n.

Better code.

  • September 26, 2022
  • Review provided by G2

What do you like best about the product?
Scanning for the vulnerabilities is always updated and the research team is doing an amazing job keeping everything up-to-date and not missing any vulnerability.
What do you dislike about the product?
I feel that the dashboard's UI can look nicer and more readable, e.g. better views, more modern design, easier access to products and related projects with a tree view.
What problems is the product solving and how is that benefiting you?
Security vulnerabilities, avoiding/fixing them to get a more secure product that satisfies the higher-ups and the clients together which increased the business performance


    Information Technology and Services

Effective and easy to use OSS scanning

  • September 12, 2022
  • Review provided by G2

What do you like best about the product?
Scanning is simple with an easy-to-use agent.
Reports are easy to read providing useful insight.
What do you dislike about the product?
The Mend Portal can be slow on occasion.
Some parts of the interface are not as intuitive as they could be.
What problems is the product solving and how is that benefiting you?
I have some Maven-based build issues. Mend Support is providing effective and swift guidance on how to solve these issues.


    Behrooz K.

Easy to use and fast for getting results

  • September 08, 2022
  • Review provided by G2

What do you like best about the product?
Very easy to set up and make it work. Also very easy to modify the set up and add or remove new repos. I really like the fact that after each merge Mend automatically creates issues associated with each problematic dependency, and those are automatically closed if the issue is resolved.
What do you dislike about the product?
So far there haven't been any areas that I disliked. I haven't dug deep into the documentation yet, but it was not immediately clear if Mend will automatically assess PRs before merging and add any comments to them.
What problems is the product solving and how is that benefiting you?
The main area we use Mend for right now is analyzing vulnerabilities of the dependencies that we use. In our platform security is very important since we deal with sensitive customer information and their transactions data. We need to make sure the 3rd-party libraries that we use have no known vulnerabilities.


    rahul s.

Great platform and team is always working on improving the product

  • August 30, 2022
  • Review provided by G2

What do you like best about the product?
Overall I feel that Mend is a good platform and what I love most is that they are always working on continued improvements.
Moreover, features like prioritize etc. make it the best.
What do you dislike about the product?
Frankly, it's a good tool. Still, if I have to list the cons, I would say .so, .a file types support should be added. Also, prioritize should include support for more and more package managers.
What problems is the product solving and how is that benefiting you?
All our deployment compliance, license violation issues, library management, vulnerability management, in-house patterns/libraries and policy violation are trusted to Mend.


    Accounting

Rocky Implementation with Reliable Vulnerability Management

  • August 26, 2022
  • Review provided by G2

What do you like best about the product?
Mend has timely support through their portal and sales rep which has been very helpful. Their newest documentation is overhauled which is a huge plus compared to their previous WhiteSource documentation. Their vulnerability management has timely alerts, a wealth of information on findings and integrations.
What do you dislike about the product?
Implementation was challenging even with technical support. We were unable to effectively get the unified agent configuration working even though we had this 5 months prior in a POC. We opted to go for Azure integration which worked easily out of the box (a plus) but is a bit limited in scope for how we handled effective vulnerabilities.

Reporting is lacking especially when using the tool as a compliance/inventory management process. Risk acceptance lasts indefinitely rather than a threshold e.g. 90 days / 360 days.
What problems is the product solving and how is that benefiting you?
We primarily use Mend for automated static code analysis of our open-source development projects. The product solves our vulnerability management gap with open-source solutions and is used to solve as a list of approved libraries.


    Financial Services

A very promising security product and business line

  • August 25, 2022
  • Review provided by G2

What do you like best about the product?
The simplicity of scanning
The simplicity of the GUI and able to drill down into where exactly a particular library is fetched from
Ability to download reports and more meaningful reports as compared to other products (Snyk, CodeClimate)
What do you dislike about the product?
The complexity in scanning different technologies and educating developers how to scan their code and read their dashboards
Sometimes, downstream dependencies are displayed (false positives), it is extremely hard for engineers to figure out the tree maps and fix the problematic lines of code
The "Requires Review" section is very wide and demands the review and sign off from different departments like developer+devops+Management. But the GUI does not support this in a user friendly way.
When we mark a library "in-house" or try to "whitelist it" it becomes permanently marked as such instead of allowing us to revisit it.
What problems is the product solving and how is that benefiting you?
The problem of knowing what are the OSS bundled into our source code
Developers urgently reference libraries to develop features without much focus on static application security, as admins we are able to capture those early in SDLC


    Security and Investigations

SAST SCA scanning in good budget

  • August 08, 2022
  • Review provided by G2

What do you like best about the product?
The scan results are pretty accurate and explained in a very good way. We can raise issues on their support portal which is providing responses to our cases in a quick time.
What do you dislike about the product?
They are yet to merge their SAST and SCA portals which is important.
Their support is missing a chat feature which is important in case of urgent issues.
Documentation should be improved.
What problems is the product solving and how is that benefiting you?
Mend is scanning our source code as well as the libraries and providing us the list of vulnerabilities present in our source code or libraries where we need to improve and produce a better product.