We performed a comparison between Mend.io and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The product prevents possible vulnerabilities in our network."
"It is easy to use."
"The interface is user-friendly and easy to understand."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It is a good product for website penetration testing to detect vulnerabilities."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"Make the product available in a very stable way for other web browsers."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"The initial setup could be simplified."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The reporting contains too many false positives."
"The solution needs to adjust its pricing. They should make it more affordable."
"They should try to include business logic vulnerabilities in the scanner testing."
"The virus code updates are not frequent enough."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The product's pricing could be better."
More Qualys Web Application Scanning Pricing and Cost Advice →
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Mend.io is rated 8.4, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Mend.io is most compared with SonarQube, Black Duck, Snyk and Checkmarx One, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Mend.io vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.