We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The SAST component was absolutely 100% stable."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The user interface is excellent. It's very user friendly."
"The solution is scalable, but other solutions are better."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The dashboard view and the management view are most valuable."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The integration could improve by including, for example, DevSecOps."
"The pricing can get a bit expensive, depending on the company's size."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"The UI is not that friendly and you need to learn how to navigate easily."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"I would like to see the static analysis included with the open-source version."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.