We performed a comparison between HCL AppScan and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are now deploying less defects to production."
"The security and the dashboard are the most valuable features."
"We use it as a security testing application."
"The solution is easy to use."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The solution offers services in a few specific development languages."
"The most valuable feature of HCL AppScan is scanning QR codes."
"This solution saves us time due to the low number of false positives detected."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The solution is scalable."
"The dashboard view and the management view are most valuable."
"Improvement can be done as per customer requirements."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"Scans become slow on large websites."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The product has some technical limitations."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. HCL AppScan is rated 7.8, while Mend.io is rated 8.4. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Coverity. See our HCL AppScan vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
