We performed a comparison between HCL AppScan and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reporting part is the most valuable feature."
"The UI was very intuitive."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"I like the recording feature."
"The product has valuable features for static and dynamic testing."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It provides a better integration for our ecosystem."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"Its ease of use and good results are the most valuable."
"For us, the most valuable tool was open-source licensing analysis."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"Sometimes it doesn't work so well."
"There is not a central management for static and dynamic."
"The databases for HCL are small and have room for improvement."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The penetration testing feature should be included."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"The initial setup could be simplified."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
HCL AppScan is ranked 15th in Application Security Tools with 40 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. HCL AppScan is rated 7.6, while Mend.io is rated 8.4. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Coverity. See our HCL AppScan vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.