• Home
  • Klocwork vs. Mend.io

Klocwork vs Mend.io comparison

Cancel
You must select at least 2 products to compare!
Perforce Logo
Klocwork
Read 20 Klocwork reviews
3,414 views|2,057 comparisons
91% willing to recommend
Mend.io Logo
Mend.io
Read 29 Mend.io reviews
9,724 views|5,701 comparisons
96% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Klocwork vs. Mend.io
May 2024
Executive Summary

We performed a comparison between Klocwork and Mend.io based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Klocwork vs. Mend.io Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Anonymous User
Their technical team helps us get the most out of the solution, but we've faced some stability problems in our...
Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution... Read more →
Bruno Lavit
Automation, such as automated pull requests, saves us significant time
Since we moved to Mend.io, a long time ago, everything has been fully automated and we are saving a lot of time. When it comes to MTTR, we are... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time.""Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem.""We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability.""The ability to create custom checkers is a plus.""There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely.""On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.""Technical support is quite good.""The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."

More Klocwork Pros →

"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.""The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.""The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar).""The dashboard view and the management view are most valuable.""It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions.""With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions.""The vulnerability analysis is the best aspect of the solution.""The solution boasts a broad range of features and covers much of what an ideal SCA tool should."

More Mend.io Pros →

Cons
"We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else.""Every update that we receive requires of us a lengthy and involved process.""Klocwork has to improve its features to stay ahead of other free solutions.""Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report.""I believe it should support more languages, such as Python and JavaScript.""Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages.""I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc.""We'd like to see integration with Agile DevOps and Agile methodologies."

More Klocwork Cons →

"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.""The UI is not that friendly and you need to learn how to navigate easily.""Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model.""It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."

More Mend.io Cons →

Pricing and Cost Advice
  • "Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
  • "Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
  • "The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
  • "Licensing fees are paid annually, but they also have a perpetual license."
  • "There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
  • "The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
  • "This solution offers competitive pricing."

    • More Klocwork Pricing and Cost Advice →

  • "We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
  • "The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
  • "Pricing is competitive."
  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

    • More Mend.io Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Klocwork?
    Top Answer:It's integrated into our CI, continuous integration.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for Klocwork?
    Top Answer:Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into… more »
    Read all 11 answers   →
    What needs improvement with Klocwork?
    Top Answer:The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all… more »
    Read all 14 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Mend.io?
    Top Answer:The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related… more »
    Read all 23 answers   →
    Ranking
    15th
    out of 75 in Application Security Tools
    Views
    3,414
    Comparisons
    2,057
    Reviews
    5
    Average Words per Review
    850
    Rating
    8.4
    13th
    out of 75 in Application Security Tools
    Views
    9,724
    Comparisons
    5,701
    Reviews
    7
    Average Words per Review
    1,422
    Rating
    8.6
    Comparisons
    SonarQube logo
    SonarQube vs. Klocwork
    Compared 36% of the time.
    Coverity logo
    Coverity vs. Klocwork
    Compared 35% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. Klocwork
    Compared 10% of the time.
    Checkmarx One logo
    Checkmarx One vs. Klocwork
    Compared 5% of the time.
    CodeSonar logo
    CodeSonar vs. Klocwork
    Compared 5% of the time.
    More Klocwork Competitors   →
    SonarQube logo
    SonarQube vs. Mend.io
    Compared 25% of the time.
    Black Duck logo
    Black Duck vs. Mend.io
    Compared 16% of the time.
    Veracode logo
    Veracode vs. Mend.io
    Compared 9% of the time.
    Snyk logo
    Snyk vs. Mend.io
    Compared 8% of the time.
    Checkmarx One logo
    Checkmarx One vs. Mend.io
    Compared 8% of the time.
    More Mend.io Competitors   →
    Also Known As
    WhiteSource, Mend SCA, Mend.io Supply Chain Defender
    Learn More
    Perforce
    Mend.io
    Overview

    Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

    Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend.io Features

    Mend.io has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend.io Benefits

    There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Sample Customers
    ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
    Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Manufacturing Company50%
    Non Tech Company10%
    Transportation Company10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Educational Organization39%
    Manufacturing Company19%
    Computer Software Company10%
    Financial Services Firm4%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Wholesaler/Distributor6%
    University6%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company16%
    Manufacturing Company11%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business52%
    Midsize Enterprise5%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise45%
    Large Enterprise46%
    REVIEWERS
    Small Business36%
    Midsize Enterprise7%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    Klocwork vs. Mend.io
    May 2024
    Free Report: Klocwork vs. Mend.io
    Find out what your peers are saying about Klocwork vs. Mend.io and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Klocwork is ranked 15th in Application Security Tools with 20 reviews while Mend.io is ranked 13th in Application Security Tools with 29 reviews. Klocwork is rated 8.2, while Mend.io is rated 8.4. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and CodeSonar, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One. See our Klocwork vs. Mend.io report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.