We performed a comparison between Mend.io and ShiftLeft based on real PeerSpot user reviews.
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The solution is scalable."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"The overall support that we receive is pretty good."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The results and the dashboard they provide are good."
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"Make the product available in a very stable way for other web browsers."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"I would like to see the static analysis included with the open-source version."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while ShiftLeft is ranked 26th in Application Security Tools with 1 review. Mend.io is rated 8.4, while ShiftLeft is rated 10.0. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas ShiftLeft is most compared with SonarQube and Black Duck.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.