Mend

Mend.io, formerly known as WhiteSource, is an application security company that aims to make security a necessary and empowering aspect of software development, rather than a hindrance. The company’s mission is to provide application security that is frictionless for developers and scalable for security teams. Mend.io’s core goal is to help development teams deliver quality, secure code more rapidly by removing the traditional burdens associated with application security. It offers a suite of enterprise-grade tools that provide distinct but complementary solutions for both developers and security personnel. This approach is intended to foster collaboration and evolve application security programs to proactively manage risk.

Mend.io is recognized as a leader in the application security market, with a strong reputation for handling complex, large-scale security needs for demanding clients, including 25 percent of the Fortune 100. The company is known for its automated technology that protects against vulnerabilities in open-source and custom code, as well as threats related to software supply chains and malicious packages. Mend.io also manages Renovate, an open-source project for automated dependency updates. Its platform is designed to integrate smoothly into existing development workflows, automating the discovery and fixing of security risks.

Offerings, Capabilities, and Integrations

Mend.io, formerly known as WhiteSource, provides an enterprise-level application security platform designed to help organizations proactively manage application risk. The company’s offerings focus on securing both open-source and custom code, as well as containerized applications and the use of AI in development. Mend.io’s competitive edge lies in its AI-native platform that not only identifies vulnerabilities but also provides AI-powered remediation, significantly reducing the time developers spend on fixing security issues. This focus on automation and developer-centric tools allows for seamless integration into existing software development lifecycles (SDLC), which helps to build a reputation for accelerating development while mitigating risk. The platform offers extensive integrations with a wide range of development and DevOps tools, including IDEs, source control management systems, and CI/CD pipelines, such as those from Microsoft, GitHub, Atlassian, and AWS.

Products and Services

Mend.io’s core offering is its AI-native Application Security Platform, which encompasses a suite of tools designed to work together to provide a holistic view of application security. The platform’s pricing is based on the number of contributing developers. Key products and services include:

  • Mend SCA (Software Composition Analysis): As a flagship product, Mend SCA detects, prioritizes, and helps remediate security vulnerabilities and license compliance issues in open-source components. It features reachability analysis to identify vulnerabilities that are actually executable.
  • Mend SAST (Static Application Security Testing): This service analyzes custom code for security vulnerabilities, providing AI-powered fixes directly within the developer’s workflow to reduce alert fatigue.
  • Mend Container: This product provides security for containerized applications by scanning for vulnerabilities in open-source components within container images.
  • Mend AI: A newer offering, Mend AI provides visibility and control over AI models and components used in applications. It includes features for managing AI component inventories, assessing AI-related risks, and conducting AI red teaming to test for behavioral risks.
  • Mend Renovate: An open-source and enterprise tool that automates dependency updates to keep projects secure and up-to-date, reducing security risks by up to 70%.
  • Expansion Options: Mend.io also offers premium services such as DAST (Dynamic Application Security Testing), API Security, and End-of-Life (EOL) support for open-source projects.

Target Customers

Mend.io targets a broad range of customers, from startups to large enterprises, including 25% of the Fortune 100. The company’s solutions are designed for organizations that develop their own applications and need to ensure they are secure and compliant. Mend.io specifically caters to two primary user groups within these organizations: software developers and security teams. For developers, the platform provides tools that integrate directly into their existing workflows, offering fast feedback and automated remediation to minimize disruption. For security teams, Mend.io offers a centralized platform to manage and prioritize application security risks across the organization, enabling them to establish a mature and proactive security program. Customers in industries such as retail, IT services, and healthcare and biotech benefit from Mend.io’s ability to help them deliver secure software quickly and efficiently.

Cloud Integrations and Marketplaces

Mend offers a range of cloud integrations and is present on major cloud marketplaces, enabling security and development teams to incorporate its application security platform into their cloud environments.

  • Microsoft Azure: Mend integrates with various Microsoft Azure services. It offers Mend for Azure Repos, which scans repositories and provides remediation advice directly within the Azure Repos environment. Mend also has an integration with Azure DevOps pipelines to detect vulnerable open-source components and enforce license compliance. Furthermore, Mend integrates with Microsoft Defender for Cloud to provide vulnerability analysis. Mend supports the Azure Container Registry as well. The Mend AppSec Platform is available on the Microsoft Azure Marketplace, and its procurement can contribute towards a customer’s Azure Consumption Commitment (MACC).
  • Amazon Web Services (AWS): Mend maintains a strategic collaboration with AWS and delivers its SaaS solution on the AWS platform. It integrates with several AWS services, including AWS CodeBuild for automated scanning, Amazon CodeCatalyst for providing vulnerability alerts within its user interface, and AWS CodeCommit through its Renovate solution for automated dependency updates. An integration for AWS Lambda is also available to scan and monitor deployed functions. Mend is listed on the AWS Marketplace.
  • Google Cloud Platform (GCP): Mend provides an integration with Google Cloud Build to automate the scanning of projects within the CI/CD pipeline. It also supports the Google Container Registry. The Mend AppSec Platform is available for procurement through the Google Cloud Marketplace.

Key People

  • Co-Founder & CEO: Rami Sass.
  • Co-Founder & President: Azi Cohen.
  • Chief Financial Officer: Ilan Sidi.
  • Chief Marketing Officer: Maya Rotenberg.
  • EVP Corporate Development: Vered Shaked.
  • EVP Engineering: Yaron Avisror.
  • EVP Product: Nir Stern.
  • EVP HR: Galit Gold.
  • EVP Customer Experience: Robert Nilsson.
  • EVP Global Sales: Amir Halevy.

Key Facts

  • Headquarters Location: Givatayim, Israel (Corporate) and Boston, MA, USA (North America).
  • Number of Employees: 201-500.
  • Annual Revenue: $50 Million to $100 Million.
  • Parent Company: None.
  • Subsidiary Companies: Atom Security, Xanitizer, Diffend, Whitesource Renovate.
  • Publicly Listed: No.

Analyst Recognition

Mend is recognized by industry analyst firms Gartner and Forrester for its role in the application security market.

  • Gartner has positioned Mend as a Visionary in its 2023 Magic Quadrant for Application Security Testing. This recognition is based on the company’s completeness of vision and ability to execute in the application security testing space.
  • Forrester has identified Mend as a Strong Performer in The Forrester Wave™: Software Composition Analysis, Q4 2024. Mend is also included in Forrester’s The Static Application Security Testing Solutions Landscape, Q2 2025.

There are no specific analyst recognitions for Mend from IDC or Everest Group based on the available information.
