We performed a comparison between Mend.io and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The results and the dashboard they provide are good."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The solution is scalable."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"The initial setup could be simplified."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"Make the product available in a very stable way for other web browsers."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"The dashboard UI and UX are problematic."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. Mend.io is rated 8.4, while Sonatype Repository Firewall is rated 8.4. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Waratek ARMR. See our Mend.io vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.