Mend Application Security Platform

Additional Info

CompanyMend (formerly WhiteSource Software)
Company size (employees)100 to 499
Headquarters RegionNorth America
Type of solutionSoftware


The Mend Application Security Platform identifies and fixes vulnerabilities in open source and custom code through automated remediation for both static application security testing (SAST) and software composition analysis (SCA). Developers can instantly see how to fix their code, word-for-word, in their native environment and reduce application security risk without impacting demanding development deadlines.

Having an industry-first automated remediation for open source and custom code enables developers to detect and address vulnerabilities accurately with automated monitoring and fast customizable reporting. Through Mend Priority Scoring, an innovative approach to prioritization that combines perceived risks from both security and non-security metrics, business impact is factored in as part of overall vulnerability scoring (the first and only automated remediation solution to do this). Mend also prioritizes vulnerabilities based on a full trace analysis, which reduces security alerts by up to 85 percent so development and security teams know exactly what to focus on and remediate critical issues faster.

Mend SCA detects all vulnerable open source components, including in their transitive dependencies, in more than 200 programming languages. It also minimizes false positives to reduce alerts by matching reported vulnerabilities to the open source libraries in their code. Additionally, Mend’s SAST solution ensures comprehensive and accurate detections with visibility to over 70 CWE types — including OWASP Top 10 and SANS 25 — in desktop web and mobile applications developed on various platforms and frameworks.

Organizations also gain competitive coverage over their open source use with Mend’s vulnerability database, the largest in the industry. With over 270 million open source components and 13 billion files, it continuously monitors multiple resources such as the National Vulnerability Database. In addition, the platform’s Mend Supply Chain Defender protects enterprises against software supply chain attacks by detecting and blocking malicious open-source packages before developers can download them.

How we are different

- Mend’s Application Security Platform is the first platform in the world to automatically remediate (find and fix) application security holes involving both open source and custom code. The platform’s static code analysis tool, Mend SAST, identifies security weaknesses in custom code across desktop, web, and mobile applications and generates results up to 10 times faster than legacy SAST solutions. Automated remediation—available in both the Mend SAST and Mend SCA solutions—writes the exact code changes needed to fix code flaws, and provides teams with the opportunity to review the recommended code changes and approve or decline them through a pull request — a capability called Merge Confidence. It also integrates with the existing DevOps environment and CI/CD pipeline, so developers don’t need to separately configure or trigger the scan.
- The Mend Vulnerability Database is among the industry’s best and most comprehensive one, as it provides coverage for threats attack vectors with over 270 million open source components and 13 billion files.
This provides developers with all the information they need to find, fix, and address open source vulnerabilities. The database covers over 200 programming languages and over 3 million open source components, aggregating information from a variety of sources including the National Vulnerability Database, security advisories, and open source project issue trackers, multiple times a day.
- The Mend Supply Chain Defender, which helps protect enterprises against software supply chain attacks, detects and blocks malicious open source packages before developers can download them. This can be deployed by individual developers via a plugin to their package managers or enterprises using JFrog Artifactory. Mend SCA Enterprise can also activate Mend Supply Chain Defender to protect all projects linked to a developer’s JFrog Artifactory registries. The solution has secured 92M+ package checks, detecting 4,500+ malicious packages to-date.