We performed a comparison between Mend.io and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"The solution is scalable."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"It is a good product for website penetration testing to detect vulnerabilities."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It works with many different products."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"I would like to see the static analysis included with the open-source version."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"The only thing that I don't find support for on Mend Prioritize is C++."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"The solution lacks the code snippet part."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"The virus code updates are not frequent enough."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The support could be faster."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"In certain cases, this product does have false positives, which the company should work on."
"The pricing does not seem to be competitive."
More Qualys Web Application Scanning Pricing and Cost Advice →
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Mend.io is rated 8.4, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Mend.io is most compared with SonarQube, Black Duck, Snyk and Checkmarx One, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Mend.io vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.