• Home
  • CAST Application Intelligence Platform vs. Mend.io

CAST Application Intelligence Platform vs Mend.io comparison

Cancel
You must select at least 2 products to compare!
CAST Logo

CAST Application Intelligence Platform

Read 4 CAST Application Intelligence Platform reviews
1,011 views|682 comparisons
83% willing to recommend
Mend.io Logo

Mend.io

Read 29 Mend.io reviews
8,686 views|5,116 comparisons
96% willing to recommend
Featured Review
Vishal-Goyal
Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry
Bruno Lavit
Automation, such as automated pull requests, saves us significant time
Since we moved to Mend.io, a long time ago, everything has been fully automated and we are saving a lot of time. When it comes to MTTR, we are... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out.""Used for controlling the technical debt and code quality.""CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform.""It supports most programming languages.""Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."

More CAST Application Intelligence Platform Pros →

"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.""Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently.""We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds.""The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate.""The results and the dashboard they provide are good.""Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.""The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."

More Mend.io Pros →

Cons
"The integration of this solution could be improved.""Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues.""Implementation could be made more simpler as it is complex.""It has very few plugins to access different code repositories, so source code has to be fed.""The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."

More CAST Application Intelligence Platform Cons →

"The dashboard UI and UX are problematic.""It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.""If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation.""WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers.""At times, the latency of getting items out of the findings after they're remediated is higher than it should be.""The UI is not that friendly and you need to learn how to navigate easily.""The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved.""The initial setup could be simplified."

More Mend.io Cons →

Pricing and Cost Advice
  • "I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five."

    • More CAST Application Intelligence Platform Pricing and Cost Advice →

  • "We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
  • "The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
  • "Pricing is competitive."
  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

    • More Mend.io Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
    See Recommendations
    768,740 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CAST Application Intelligence Platform?
    Top Answer:The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some… more »
    Read all 2 answers   →
    What needs improvement with CAST Application Intelligence Platform?
    Top Answer:The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the… more »
    Read all 2 answers   →
    What is your primary use case for CAST Application Intelligence Platform?
    Top Answer:We use CAST Application Intelligence Platform for multiple purposes. One of its use cases is understanding the code health in terms of scalability, reliability, efficiency, and performance. These are… more »
    Read all 2 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Mend.io?
    Top Answer:The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related… more »
    Read all 23 answers   →
    Ranking
    3rd
    out of 10 in Software Development Analytics
    Views
    1,011
    Comparisons
    682
    Reviews
    2
    Average Words per Review
    753
    Rating
    8.0
    4th
    out of 40 in Software Composition Analysis (SCA)
    Views
    8,686
    Comparisons
    5,116
    Reviews
    10
    Average Words per Review
    1,324
    Rating
    8.5
    Comparisons
    Also Known As
    CAST AIP
    WhiteSource, Mend SCA
    Learn More
    CAST
    Mend.io
    Overview

    CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
    • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
    • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
    • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

    CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

    Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend.io Features

    Mend.io has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend.io Benefits

    There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Sample Customers
    Steria, T-Systems MMS, Atos Origin, Accenture, Capgemini
    Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm25%
    Computer Software Company16%
    Manufacturing Company13%
    Insurance Company9%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Media Company6%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company10%
    Insurance Company5%
    Company Size
    VISITORS READING REVIEWS
    Small Business11%
    Midsize Enterprise13%
    Large Enterprise76%
    REVIEWERS
    Small Business36%
    Midsize Enterprise7%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    CAST Application Intelligence Platform vs. Snyk
    March 2024
    Free Report: CAST Application Intelligence Platform vs. Snyk
    Find out what your peers are saying about CAST Application Intelligence Platform vs. Snyk and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,740 professionals have used our research since 2012.

    CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. CAST Application Intelligence Platform is rated 7.0, while Mend.io is rated 8.4. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode.

    We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.