Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Easy to use and fast for getting results
What do you like best about the product?
Very easy to set up and make it work. Also very easy to modify the setup and add or remove new repos. I really like the fact that after each merge Mend automatically creates issues associated with each problematic dependency, and those are automatically closed if the issue is resolved.
What do you dislike about the product?
So far there haven't been any areas that I disliked. I haven't dug deep into the documentation yet, but it was not immediately clear if Mend will automatically assess PRs before merging and add any comments to them.
What problems is the product solving and how is that benefiting you?
The main area we use Mend for right now is analyzing vulnerabilities of the dependencies that we use. In our platform security is very important since we deal with sensitive customer information and their transactions data. We need to make sure the 3rd-party libraries that we use have no known vulnerabilities.
Great platform and team is always working on improving the product
What do you like best about the product?
Overall I feel that Mend is a good platform and what I love most is that they are always working on continued improvements.
Moreover, features like prioritize etc. make it the best.
What do you dislike about the product?
Frankly, it's a good tool. Still, if I have to list the cons, I would say support for .so and .a file types should be added. Also, prioritize should include support for more and more package managers.
What problems is the product solving and how is that benefiting you?
All our deployment compliance, license violation issues, library management, vulnerability management, in-house patterns/libraries and policy violations are trusted to Mend.
Rocky Implementation with Reliable Vulnerability Management
What do you like best about the product?
Mend has timely support through their portal and sales rep which has been very helpful. Their newest documentation is overhauled which is a huge plus compared to their previous WhiteSource documentation. Their vulnerability management has timely alerts, a wealth of information on findings and integrations.
What do you dislike about the product?
Implementation was challenging even with technical support. We were unable to effectively get the unified agent configuration working even though we had this 5 months prior in a POC. We opted to go for Azure integration which worked easily out of the box (a plus) but is a bit limited in scope for how we handled effective vulnerabilities.
Reporting is lacking especially when using the tool as a compliance/inventory management process. Risk acceptance lasts indefinitely rather than a threshold e.g. 90 days / 360 days.
What problems is the product solving and how is that benefiting you?
We primarily use Mend for automated static code analysis of our open-source development projects. The product solves our vulnerability management gap with open-source solutions and is used to solve as a list of approved libraries.
A very promising security product and business line
What do you like best about the product?
The simplicity of scanning
The simplicity of the GUI and able to drill down into where exactly a particular library is fetched from
Ability to download reports and more meaningful reports as compared to other products (Snyk, CodeClimate)
What do you dislike about the product?
The complexity in scanning different technologies and educating developers how to scan their code and read their dashboards
Sometimes, downstream dependencies are displayed (false positives), and it is extremely hard for engineers to figure out the tree maps and fix the problematic lines of code
The "Requires Review" section is very wide and demands the review and sign-off from different departments like developer+devops+Management. But the GUI does not support this in a user-friendly way.
When we mark a library "in-house" or try to "whitelist it" it becomes permanently marked as such instead of allowing us to revisit it.
What problems is the product solving and how is that benefiting you?
The problem of knowing what are the OSS bundled into our source code
Developers urgently reference libraries to develop features without much focus on static application security, as admins we are able to capture those early in SDLC
SAST SCA scanning in good budget
What do you like best about the product?
The scan results are pretty accurate and explained in a very good way. We can raise issues on their support portal, which is providing responses to our cases in a quick time.
What do you dislike about the product?
They are yet to merge their SAST and SCA portals which is important.
Their support is missing a chat feature which is important in case of urgent issues.
Documentation should be improved.
What problems is the product solving and how is that benefiting you?
Mend is scanning our source code as well as the libraries and providing us the list of vulnerabilities present in our source code or libraries where we need to improve and produce a better product.
Secure your projects with Mend
What do you like best about the product?
The best thing is the security and ease of use. The Mend bot offers a couple of qualities to protect your projects against several security protocols warnings. It is very helpful.
What do you dislike about the product?
To be honest, there's only one thing which I dislike about this great bot: the limitation of the free account. You will only get limited scans for a free account, which needs to be increased.
What problems is the product solving and how is that benefiting you?
Mend bot is very intelligent and it helped me with all dependencies and unknown random files issues and gave me an overall issue report to customize the threat. Very useful.
Mend : A Useful Dependency Management Tool
What do you like best about the product?
Scanning the Dependencies in the Project for Vulnerabilities is a really efficient feature. It keeps track of various dependencies across repositories and also suggests the upgraded version for dependencies to fix the Vulnerabilities. Integration with Gitlab Runners and CI/CD Pipelines has made the process seamless.
What do you dislike about the product?
It sometimes shows invalid vulnerabilities, even when the Dependency version has been upgraded.
Integration and Setup for a complex project and multiple subprojects with Gitlab Repository isn't simple and could be tedious.
What problems is the product solving and how is that benefiting you?
It's helpful in keeping track of the versions of various dependencies and libraries being used. It's really beneficial in keeping the applications secure from vulnerabilities.
Great Tool for Managing 3rd party libraries
What do you like best about the product?
Mend eases the process of keeping track of all the used 3rd party dependencies within a product. It not only scans for the pure occurrence (also transitively) but takes also care of license and vulnerabilities.
What do you dislike about the product?
In the beginning, it is a steep learning curve to configure the tool and integrate it into custom pipelines. With the help of a success manager, this also works out. Since the usage of Renovate, we have up-to-date libraries across all our projects, but not all versions are known immediately by the dashboard.
What problems is the product solving and how is that benefiting you?
Mend helps you to track which libraries are used within a piece of software. It keeps track of the vulnerabilities and also keeps track of the license. With single clicks, you can generate the necessary license overview and ensure the vulnerability state of your application.
Renovate is great
What do you like best about the product?
I enjoy how quickly PRs are opened so I can always have my dependencies up to date. The PRs are informative and using checkboxes for UI is much better than commands.
What do you dislike about the product?
There isn't much to dislike; the configuration file allows me to control pretty much everything I could want to. If I had to make one complaint, it's that the config file has to be in the root of the repo. It would be nice if I could hide it away in a .github directory or perhaps a .whitesource directory which could also hold my bolt config file.
What problems is the product solving and how is that benefiting you?
Using WhiteSource Bolt and Renovate, I'm able to keep my dependencies updated and safe. I no longer have to worry about managing my dependencies by hand or by relying on GitHub's automated tools which might miss something.
WhiteSource Renovate is solid
What do you like best about the product?
I set up WhiteSource Renovate to help keep our dependencies up to date. Since doing that we have slowly but surely updated all of our dependencies without spending much developer time.
What do you dislike about the product?
The downside is that Renovate is a bit slow to rerun after you've made a change. For the most part it's fine but when you're getting started and have lots to update it can feel slow.
What problems is the product solving and how is that benefiting you?
Keeping my dependencies up to date for a modern Python project that's using Poetry and Docker.