• Home
  • Checkmarx One vs. Mend.io

Checkmarx One vs Mend.io comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
34,421 views|22,385 comparisons
86% willing to recommend
Mend.io Logo
Mend.io
Read 29 Mend.io reviews
10,193 views|5,993 comparisons
96% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. Mend.io
May 2024
Executive Summary
Updated on Apr 2, 2023

We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Reviewers of both solutions stated that the deployment processes were quick and efficient, with those deploying Checkmarx noting that the setup can take less than an hour.
  • Features: Mend offers open source software vulnerability remediation, as well as excellent integration with other applications. Its ability to manually configure policies and its over-engineered dashboard leaves the need for improvement. Checkmarx allows companies to automatically scan and resolve vulnerabilities in all major code languages with a high level of accuracy, and possess a user-friendly UI. However, someone who is not a developer may struggle to use it, and it lacks a holistic view of the portfolio-level dashboard.
  • Pricing: Mend is described as not overly expensive, with some enterprises being able to negotiate a lower price than what they had paid in previous years, while those using Checkmarx expressed that they would like to see its licensing improved.
  • Service and Support: The technical support of both solutions are noted as highly responsive and diligent in their responses.
  • ROI: A return on investment was observed by users of both solutions, in the form of improved quality of code and lack of security breaches.

Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.

To learn more, read our detailed Checkmarx One vs. Mend.io Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Naveen Hariharan Vijaya
A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly
Static code reviews are small projects. Previously, with a team of four analysts, we did two project reviews every month. Since we started using... Read more →
Jeffrey Harker
Easy to use, great for finding vulnerabilities, and simple to set up
A lot of these functions are development muscles that need to be baked into the actual SDLC process. We can put this on our pipelines and ensure... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The user interface is excellent. It's very user friendly.""The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.""The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes.""It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The setup is fairly easy. We didn't struggle with the process at all.""I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy.""It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).""The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."

More Checkmarx One Pros →

"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production.""For us, the most valuable tool was open-source licensing analysis.""Our dev team uses the fix suggestions feature to quickly find the best path for remediation.""The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.""I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.""There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.""The dashboard view and the management view are most valuable."

More Mend.io Pros →

Cons
"Checkmarx could improve the REST APIs by including automation.""We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level.""The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.""The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""Updating and debugging of queries is not very convenient.""The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement.""Checkmarx is not good because it has too many false positive issues."

More Checkmarx One Cons →

"The dashboard UI and UX are problematic.""WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers.""I would like to see the static analysis included with the open-source version.""It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.""It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.""We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."

More Mend.io Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
  • "The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps."
  • "Pricing is competitive."
  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."

    • More Mend.io Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Mend.io?
    Top Answer:The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related… more »
    Read all 23 answers   →
    Ranking
    3rd
    out of 74 in Application Security Tools
    Views
    34,421
    Comparisons
    22,385
    Reviews
    21
    Average Words per Review
    508
    Rating
    7.7
    5th
    out of 74 in Application Security Tools
    Views
    10,193
    Comparisons
    5,993
    Reviews
    10
    Average Words per Review
    1,324
    Rating
    8.5
    Comparisons
    SonarQube logo
    SonarQube vs. Checkmarx One
    Compared 52% of the time.
    Veracode logo
    Veracode vs. Checkmarx One
    Compared 13% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Checkmarx One
    Compared 6% of the time.
    Snyk logo
    Snyk vs. Checkmarx One
    Compared 4% of the time.
    OWASP Zap logo
    OWASP Zap vs. Checkmarx One
    Compared 2% of the time.
    More Checkmarx One Competitors   →
    SonarQube logo
    SonarQube vs. Mend.io
    Compared 25% of the time.
    Black Duck logo
    Black Duck vs. Mend.io
    Compared 16% of the time.
    Snyk logo
    Snyk vs. Mend.io
    Compared 9% of the time.
    Veracode logo
    Veracode vs. Mend.io
    Compared 8% of the time.
    JFrog Xray logo
    JFrog Xray vs. Mend.io
    Compared 6% of the time.
    More Mend.io Competitors   →
    Also Known As
    WhiteSource, Mend SCA, Mend.io Supply Chain Defender
    Learn More
    Checkmarx
    Mend.io
    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend.io Features

    Mend.io has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend.io Benefits

    There are many benefits to implementing Mend.io. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend.io platform is very user-friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend.io’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend.io provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend.io makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend.io has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend.io solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend.io (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend.io does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend.io provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Media Company6%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company16%
    Manufacturing Company10%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business36%
    Midsize Enterprise7%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    Checkmarx One vs. Mend.io
    May 2024
    Free Report: Checkmarx One vs. Mend.io
    Find out what your peers are saying about Checkmarx One vs. Mend.io and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.