We performed a comparison between GitHub Advanced Security and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"Dependency scanning is a valuable feature."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The results and the dashboard they provide are good."
"For us, the most valuable tool was open-source licensing analysis."
"The dashboard view and the management view are most valuable."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"The customizations are a little bit difficult."
"The report limitations are the main issue."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"There could be DST features included in the product."
"The only thing that I don't find support for on Mend Prioritize is C++."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"The solution lacks the code snippet part."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"I would like to see the static analysis included with the open-source version."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
GitHub Advanced Security is ranked 16th in Application Security Tools with 6 reviews while Mend.io is ranked 13th in Application Security Tools with 29 reviews. GitHub Advanced Security is rated 9.0, while Mend.io is rated 8.4. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitHub Advanced Security is most compared with SonarQube, Snyk, Veracode and Fortify on Demand, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One. See our GitHub Advanced Security vs. Mend.io report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.