We performed a comparison between Mend.io and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."For us, the most valuable tool was open-source licensing analysis."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The solution is scalable."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The only thing that I don't find support for on Mend Prioritize is C++."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"The initial setup could be simplified."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
Mend.io is ranked 5th in Application Security Tools with 29 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. Mend.io is rated 8.4, while Sonatype Repository Firewall is rated 8.4. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Waratek ARMR. See our Mend.io vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.