We evaluated several tools and picked a shortlist of candidates that met our company's needs. Mend had broader package manager support, minimal false positives, automated remediation, and the GitHub integration. 

We evaluated Black Duck and Snyk. We went with Mend, not because of pricing—we were willing to pay the right price for the right tool—nor for the features. It was for the ability to track all the copyrights when using an open-source dependency. That means we wanted all the copyrights for all the tools contributing to a given open-source dependency. Mend.io was the only tool that could do that.

We evaluated many solutions, such as Snyk, Sonatype, SonarQube, Checkmarx, and a couple of others.

We didn't do any trials with other products. We mainly researched and understood how the different solutions work.

I evaluated other options, but some of those, such as Protecode, do not exist today. They used to be tools based on the actual reading of the content. They were snippet-based.

The solution was there when I joined. During the license renewal process, we looked at other solutions, but none of them offered the level of integration we need. We will look at other solutions before the next renewal in December. The main factors are pricing and integration. Mend is the best solution for now.

We evaluated Black Duck, but it has several limitations that drove us toward choosing Mend. Black Duck is very expensive, and we require a SaaS solution to ensure the privacy of our source code, and they couldn't provide that. Therefore, our team decided to choose the more affordable and secure product.

We are evaluating Veracode.

We evaluated other solutions before choosing WhiteSource. We ended up choosing WhiteSource because of some of its unique features.

We tested Black Duck as well but detected quite a lot of false positives.

We did not evaluate other options.

We also use NPM Audit and Snyk, but as an augmentation; not as competitors. 

We are still evaluating at the moment, and have not officially adopted WhiteSource as of yet.

The reason I logged into the IT Central Station web site is because I was looking for crisp documentation so that I may compare WhiteSource with Black Duck. I did not find what I was looking for. All I found was a conglomerate of user experiences, not the research reports I was searching for.

I am currently using both of these products.

Yes, Snyk

Given the different solutions in that space, WhiteSource was the best solution for our needs. We’ve found it was able to manage all dependencies, automate alerts, and provide us with easy and quick license reports, attribution and copyright information.

I evaluated Black Duck.

We did evaluate another tool along with WhiteSource, but we decided to take WhiteSource. There was this other tool, Black Duck, but we decided to work with WhiteSource.

However, we have not fully evaluated this tool. It seemed too complicated for us, so at a certain point, we just decided to work with WhiteSource further on.

There were only two products at this point in time which we evaluated, the solution being one of these. We plan to reevaluate its use. 

We’ve evaluated Snyk, also used their free version and free dependency checkers.

I didn't choose it but I saw a demo of Synk.

We did a comparison with Black Duck, but WhiteSource was better at managing the Open Source stuff.