We performed a comparison between Mend.io and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The vulnerability analysis is the best aspect of the solution."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"The overall support that we receive is pretty good."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"It is a cloud-based solution, so it is easy to scale."
"It works with many different products."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"The only thing that I don't find support for on Mend Prioritize is C++."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The solution needs to adjust its pricing. They should make it more affordable."
"They should try to include business logic vulnerabilities in the scanner testing."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The reporting contains too many false positives."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine-tune the algorithm to be able to reduce the number of false positives being detected."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There should be better visibility into the application."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Mend.io is rated 8.4, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Fortify WebInspect.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.