We performed a comparison between Mend.io and ShiftLeft based on real PeerSpot user reviews.
"For us, the most valuable tool was open-source licensing analysis."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The overall support that we receive is pretty good."
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"The UI is not that friendly and you need to learn how to navigate easily."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"The solution lacks the code snippet part."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while ShiftLeft is ranked 26th in Application Security Tools with 1 review. Mend.io is rated 8.4, while ShiftLeft is rated 10.0. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas ShiftLeft is most compared with SonarQube and Black Duck.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.