We performed a comparison between FlexNet Code Insight and Mend.io based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The solution is scalable."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"I found the user interface cumbersome and difficult to use."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"The UI is not that friendly and you need to learn how to navigate easily."
"The only thing that I don't find support for on Mend Prioritize is C++."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"The initial setup could be simplified."
Earn 20 points
FlexNet Code Insight is ranked 17th in Software Composition Analysis (SCA) while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. FlexNet Code Insight is rated 4.0, while Mend.io is rated 8.4. The top reviewer of FlexNet Code Insight writes "A decent web interface for reports, but the snippet style code matching requires too much effort". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". FlexNet Code Insight is most compared with Black Duck, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.