Mend Application Security Platform
| Company (that provides the nominated product / solution / service) | Mend (formerly WhiteSource Software) |
| Company size (employees) | 100 to 499 |
| Headquarters Region | North America |
| Type of solution | Software |
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
- Mend’s Application Security Platform is the first platform in the world to automatically remediate (find and fix) application security holes involving both open source and custom code. The platform’s static code analysis tool, Mend SAST, identifies security weaknesses in custom code across desktop, web, and mobile applications and generates results up to 10 times faster than legacy SAST solutions. Automated remediation—available in both the Mend SAST and Mend SCA solutions—writes the exact code changes needed to fix code flaws, and provides teams with the opportunity to review the recommended code changes and approve or decline them through a pull request — a capability called Merge Confidence. It also integrates with the existing DevOps environment and CI/CD pipeline, so developers don’t need to separately configure or trigger the scan.
The Mend Application Security Platform identifies and fixes vulnerabilities in open source and custom code through automated remediation for both static application security testing (SAST) and software composition analysis (SCA). Developers can instantly see how to fix their code, word-for-word, in their native environment and reduce application security risk without impacting demanding development deadlines.
Having an industry-first automated remediation for open source and custom code enables developers to detect and address vulnerabilities accurately with automated monitoring and fast customizable reporting. Through Mend Priority Scoring, an innovative approach to prioritization that combines perceived risks from both security and non-security metrics, business impact is factored in as part of overall vulnerability scoring (the first and only automated remediation solution to do this). Mend also prioritizes vulnerabilities based on a full trace analysis, which reduces security alerts by up to 85 percent so development and security teams know exactly what to focus on and remediate critical issues faster.
Mend SCA detects all vulnerable open source components, including those in transitive dependencies, in more than 200 programming languages. It also minimizes false positives to reduce alerts by matching reported vulnerabilities to the open source libraries in their code. Additionally, Mend’s SAST solution ensures comprehensive and accurate detections with visibility to over 70 CWE types — including OWASP Top 10 and SANS 25 — in desktop, web, and mobile applications developed on various platforms and frameworks.
Organizations also gain competitive coverage over their open source use with Mend’s vulnerability database, the largest in the industry. With over 270 million open source components and 13 billion files, it continuously monitors multiple resources such as the National Vulnerability Database. In addition, the platform’s Mend Supply Chain Defender protects enterprises against software supply chain attacks by detecting and blocking malicious open-source packages before developers can download them.