We performed a comparison between Mend.io and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The results and the dashboard they provide are good."
"We set the solution up and enabled it and we had everything running pretty quickly."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"Its ease of use and good results are the most valuable."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The outputs are very reliable."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"The UI is not that friendly and you need to learn how to navigate easily."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"Automation could be a challenge."
"Using Code Prover on large applications crashes sometimes."
"The tool has some stability issues."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Mend.io is rated 8.4, while Polyspace Code Prover is rated 7.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Parasoft SOAtest. See our Mend.io vs. Polyspace Code Prover report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.