We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The SAST component was absolutely 100% stable."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The vulnerability analysis is the best aspect of the solution."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"Its ease of use and good results are the most valuable."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The results and the dashboard they provide are good."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The solution sometimes reports a false auditable code or false positive."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Implementing a blackout time for any user or teams: Needs improvement."
"It is an expensive solution."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"Its user interface could be improved and made more friendly."
"The dashboard UI and UX are problematic."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"I would like to see the static analysis included with the open-source version."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"The solution lacks the code snippet part."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.