Mend.io AppSec Platform
Mend.io
External reviews
109 reviews
External reviews are not included in the AWS star rating for the product.
Powerful tool to manage external libraries
What do you like best about the product?
Renovate is easy to set up and works with all VCS you can think of (also self-hosted). I was impressed by the amount of configuration that exists and it saves me quite some time keeping dependencies up-to-date.
Documentation is also really good.
What do you dislike about the product?
Although the first run was easy, configuring details was a bit of trial and error at first. I was unsure about what a global and what a project specific setting is.
What problems is the product solving and how is that benefiting you?
Keeping dependencies up-to-date and therefore fixing security problems.
Renovate is awesome!
What do you like best about the product?
My favorite thing about Renovate is the customizability. You can adjust everything about how Renovate works down to the most minute detail.
What do you dislike about the product?
One downside of Renovate is that the customizability can be overwhelming. Fortunately, their config-help repository is very good at offering advice and helping you figure out how to accomplish what you want.
What problems is the product solving and how is that benefiting you?
Renovate helps me automatically update dependencies in my JavaScript projects. It keeps me from needing to remember to check every few days.
Renovate is a must-have
What do you like best about the product?
Renovate is a time saver; more specifically, it saves precious engineering time and brings peace of mind, as we automated updating our application dependencies.
What do you dislike about the product?
Nothing really. The Renovate tool is part of the toolchain for every application. And it is now free!
What problems is the product solving and how is that benefiting you?
Automate everything! Instead of a manual process to update our dependencies and relying on a benevolent engineer to keep track of the necessary updates, Renovate does it automatically and with a lot of different configuration options.
We are now confident that our application is not falling behind.
By automating dependency management updates, we can reallocate engineers' hours to more value-adding projects.
Indispensable
What do you like best about the product?
Turns keeping your software up to date from a chore into something you don’t even need to think about.
What do you dislike about the product?
Faster creation of MRs - perhaps a database of who uses what dependency so as soon as a new release is created they can all be updated, rather than each repo polling their dependencies individually.
What problems is the product solving and how is that benefiting you?
Keeping a large number of repos up to date with internal and external dependency changes. It has made it much easier for us to split our own libraries up into smaller pieces.
Recommendations to others considering the product:
Focus on building a good test suite so you can turn on auto merging. Also an automatic semantic release pipeline makes things even smoother.
Whitesource is an excellent tool for ensuring adequate security for third party software packages
What do you like best about the product?
The licensing/copyright check is a major time saver.
What do you dislike about the product?
For Nodejs the npm packages run deep, and currently it is not easy to determine the root package for some of the vulnerabilities.
What problems is the product solving and how is that benefiting you?
Whitesource automates the listing of third party packages, checks the licensing/copyright info, and displays any CVEs within these packages.
Recommendations to others considering the product:
I would recommend integrating the scan process into your devOps pipeline.
WhiteSource identifies security vulnerabilities in easy steps & provides remediation for quick fixes
What do you like best about the product?
User friendly, quick remediation & better reports
What do you dislike about the product?
Provides only OSS security vulnerabilities
What problems is the product solving and how is that benefiting you?
Outdated versions of Open source libraries, vulnerable library components
Recommendations to others considering the product:
WhiteSource is best in class solution, easy to adapt and with good customer support.
Best Open Source Analysis (OSA) at this moment.
What do you like best about the product?
Best Open Source analysis with their In-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alert as well.
Pipeline integration of this tool is greatly helpful for software which is shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
What do you dislike about the product?
No downside of using this software in OSA and DEVOPS Pipeline.
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
What problems is the product solving and how is that benefiting you?
Open source software, which is used in almost all software products, needs to be evaluated for vulnerabilities, and secure products should be shipped to market.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource; instead, all your open source software's SHA1 values are being sent to WhiteSource securely and then WhiteSource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
Recommendations to others considering the product:
Best valuation for the price point in the market right now, go for it.
Other open source tools are available, but they aggregate their data from open source websites such as the NVD or CVE websites. They are good to a certain extent; however, a paid product gives you more insight into multiple data sources for vulnerabilities, and their in-house research and development team also enhances their product to give you optimum use of WhiteSource.
The best on the market open source dependencies analysis tool
What do you like best about the product?
WhiteSource provides information on vulnerability resolution via a SaaS dashboard and an extensive, well-researched database of known vulnerable and malicious libraries.
What do you dislike about the product?
Takes time to understand all scan configuration parameters but once understood it is easy to use.
What problems is the product solving and how is that benefiting you?
Resolving known vulnerabilities according to their severities as soon as they are introduced to our software.
Recommendations to others considering the product:
Industry standard and must have
White Source Open Source Compliance
What do you like best about the product?
Easy to integrate open source policies directly into your Continuous Integration.
What do you dislike about the product?
Nothing to dislike. Does exactly what it says on the tin and at a reasonable price
What problems is the product solving and how is that benefiting you?
Open Source compliance used to be an expensive, manual process. Now it is continually happening as part of our day to day process.
Recommendations to others considering the product:
Much more cost effective than Black Duck.
Bootstrapping startup that will go the extra mile for service
What do you like best about the product?
My favorite part about whitesource is that their product is modern. Unlike the competitors, whitesource software is built with modern frameworks and CI platforms in mind. They don't assume you have a server closet or that your entire office runs windows XP :)
What do you dislike about the product?
I don't really have any complaints. They are growing which means some features are still being built-out. But any time I have had a problem, whitesource has gone the extra mile to provide a work-around or solution. So it's not really a big deal.
What problems is the product solving and how is that benefiting you?
We are trying to make sure we respect all open-source contributors and authors by respecting their licenses. And Whitesource does a great job of helping us do that. Beyond that we get the added benefit of security scans and automated alerts from their system, as well as our CI.
We would eventually like to enact some policies using whitesource so that we can find and correct license issues long before production. I haven't gotten into the policy side of whitesource too much, but it seems pretty straightforward. And I know they plan to continue expanding that.
Recommendations to others considering the product:
Really dig in to whether or not these companies support your stack. We wasted a lot of time looking into companies that knew very well that their software didn't even work with our tech-stack. Their plan was to get you to sign a contract and then bully you into professional services.
With whitesource, run a trial. Take a sample collection of code and scan it. Have them show you the interface and play with the demo. It is such a great experience and you'll find out right in the beginning how well they fit.
Past this, it's very easy to expect a software package like this to do all these tiny little things. But once you get into it, you realize you don't actually care about half of it. So really think about what's important to you in this process and you can save a lot of time.
Also, remember that the folks at whitesource do this for a living. So if you don't understand something, or want to know how other companies handle a certain problem... ask whitesource! They have a great level of experience and could even save you a lot of time and money guiding you to the right answer.