We performed a comparison between FlexNet Code Insight and Mend.io based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"I found the user interface cumbersome and difficult to use."
"The solution lacks the code snippet part."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"I would like to see the static analysis included with the open-source version."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The dashboard UI and UX are problematic."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
Earn 20 points
FlexNet Code Insight is ranked 18th in Software Composition Analysis (SCA) while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. FlexNet Code Insight is rated 4.0, while Mend.io is rated 8.4. The top reviewer of FlexNet Code Insight writes "A decent web interface for reports, but the snippet style code matching requires too much effort". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". FlexNet Code Insight is most compared with Black Duck, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.