We performed a comparison between GitHub and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most important feature of GitHub is the maintainability of the versions of the code."
"It has a lot of features from the code development perspective. You get a lot of features such as repo, commit, merge, and branch. You can play around and do things on the fly. It is easy and simple to deploy. It is also easier to use when working from home."
"It is really simple to set up."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"The product has a very user-friendly interface and user-friendly security."
"The solution can scale."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"GitHub is the best tool for source repositories."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"The results and the dashboard they provide are good."
"The solution is scalable."
"The dashboard view and the management view are most valuable."
"The UI is a little outdated, so that could be improved."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"They're improving the work items to track the progress of the team, but in my experience, Azure DevOps is better in this functionality. GitHub needs to improve the form to track the progress of the work done by a team."
"If you are uploading or cloning a large file, with more than 25 megs, it's pretty slow."
"I would like to see integration with Slack such that all of the changes made in GitHub are reflected there."
"Lacks sufficient support in terms of professional services that could be provided."
"GitHub could expand the limits of the free version."
"It would be useful to have tutorial videos within the GitHub dashboard."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"The solution lacks the code snippet part."
"The only thing that I don't find support for on Mend Prioritize is C++."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"The dashboard UI and UX are problematic."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
GitHub is ranked 9th in Application Security Tools with 74 reviews while Mend.io is ranked 13th in Application Security Tools with 29 reviews. GitHub is rated 8.6, while Mend.io is rated 8.4. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One. See our GitHub vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.