We performed a comparison between HCL AppScan and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"You can easily find particular features and functions through the UI."
"It provides a better integration for our ecosystem."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"This solution saves us time due to the low number of false positives detected."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The solution is scalable."
"The vulnerability analysis is the best aspect of the solution."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"Its ease of use and good results are the most valuable."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The pricing has room for improvement."
"A desktop version should be added."
"The product has some technical limitations."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"They should have a better UI for dashboards."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"The penetration testing feature should be included."
"Sometimes it doesn't work so well."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"The UI is not that friendly and you need to learn how to navigate easily."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"The initial setup could be simplified."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. HCL AppScan is rated 7.6, while Mend.io is rated 8.4. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Jscrambler.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.