• Home
  • Checkmarx One vs. Mend.io

Checkmarx One vs Mend.io comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo

Checkmarx One

Read 67 Checkmarx One reviews
35,279 views|23,132 comparisons
86% willing to recommend
Mend.io Logo

Mend.io

Read 29 Mend.io reviews
10,547 views|6,214 comparisons
96% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. Mend.io
March 2024
Executive Summary
Updated on Apr 2, 2023

We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Reviewers of both solutions stated that the deployment processes were quick and efficient, with those deploying Checkmarx noting that the setup can take less than an hour.
  • Features: Mend offers open source software vulnerability remediation, as well as excellent integration with other applications. Its ability to manually configure policies and its over-engineered dashboard leaves the need for improvement. Checkmarx allows companies to automatically scan and resolve vulnerabilities in all major code languages with a high level of accuracy, and possess a user-friendly UI. However, someone who is not a developer may struggle to use it, and it lacks a holistic view of the portfolio-level dashboard.
  • Pricing: Mend is described as not overly expensive, with some enterprises being able to negotiate a lower price than what they had paid in previous years, while those using Checkmarx expressed that they would like to see its licensing improved.
  • Service and Support: The technical support of both solutions are noted as highly responsive and diligent in their responses.
  • ROI: A return on investment was observed by users of both solutions, in the form of improved quality of code and lack of security breaches.

Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.

To learn more, read our detailed Checkmarx One vs. Mend.io Report (Updated: March 2024).
Download the complete report
768,246 professionals have used our research since 2012.
Featured Review
KannanPadmanabhan
Used for static comprehension testing and helps us detect vulnerabilities early
We use it for non-functional insight because it's a security vulnerability scanner. We can use Checkmarx for scanning anytime on our code base. We... Read more →
Anonymous User
Once it's configured, it's seamless for the development community
Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The value you can get out of the speedy production may be worth the price tag.""The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.""The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes.""Helps us check vulnerabilities in our SAP Fiori application.""The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.""The user interface is excellent. It's very user friendly.""Apart from software scanning, software composition scanning is valuable."

More Checkmarx One Pros →

"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.""The dashboard view and the management view are most valuable.""Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.""The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.""Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour.""There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."

More Mend.io Pros →

Cons
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to.""I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service.""Checkmarx has a slightly difficult compilation with the CI/CD pipeline.""We can run only one project at a time.""The cost per user is high and should be reduced.""We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level.""The solution's user interface could be improved because it seems outdated.""Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"

More Checkmarx One Cons →

"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.""The only thing that I don't find support for on Mend Prioritize is C++.""It should support multiple SBOM formats to be able to integrate with old industry standards.""The initial setup could be simplified.""The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved.""The turnaround time for upgrading databases for this tool as well as the accuracy could be improved.""I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.""WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."

More Mend.io Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
  • "The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
  • "Pricing is competitive."
  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

    • More Mend.io Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,246 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Mend.io?
    Top Answer:The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related… more »
    Read all 23 answers   →
    Ranking
    3rd
    out of 74 in Application Security Tools
    Views
    35,279
    Comparisons
    23,132
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    5th
    out of 74 in Application Security Tools
    Views
    10,547
    Comparisons
    6,214
    Reviews
    10
    Average Words per Review
    1,324
    Rating
    8.5
    Comparisons
    SonarQube logo
    SonarQube vs. Checkmarx One
    Compared 52% of the time.
    Veracode logo
    Veracode vs. Checkmarx One
    Compared 13% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Checkmarx One
    Compared 6% of the time.
    Snyk logo
    Snyk vs. Checkmarx One
    Compared 4% of the time.
    OWASP Zap logo
    OWASP Zap vs. Checkmarx One
    Compared 2% of the time.
    More Checkmarx One Competitors   →
    SonarQube logo
    SonarQube vs. Mend.io
    Compared 25% of the time.
    Black Duck logo
    Black Duck vs. Mend.io
    Compared 16% of the time.
    Snyk logo
    Snyk vs. Mend.io
    Compared 10% of the time.
    Veracode logo
    Veracode vs. Mend.io
    Compared 9% of the time.
    JFrog Xray logo
    JFrog Xray vs. Mend.io
    Compared 6% of the time.
    More Mend.io Competitors   →
    Also Known As
    WhiteSource, Mend SCA
    Learn More
    Checkmarx
    Mend.io
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend.io Features

    Mend.io has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend.io Benefits

    There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Media Company6%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company10%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business36%
    Midsize Enterprise7%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    Checkmarx One vs. Mend.io
    March 2024
    Free Report: Checkmarx One vs. Mend.io
    Find out what your peers are saying about Checkmarx One vs. Mend.io and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,246 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.