
Mend
Mend (formerly WhiteSource) is an application security platform that integrates various security scanning and management features.
The platform incorporates several essential components:
- Software Composition Analysis (SCA) is utilized to detect vulnerabilities and ensure license compliance in open source components.
- Static Application Security Testing (SAST) is employed for analyzing proprietary source code.
- Container security scanning helps identify vulnerabilities within container images.
- Automated dependency updates are implemented to keep dependencies up to date.
- AI model risk analysis capabilities are available for evaluating security risks associated with AI-generated code.
- SBOM (Software Bill of Materials) generation and management are included.
Key features consist of:
- Repository integration with major development platforms.
- Real-time vulnerability detection during the development process.
- Reachability analysis to identify exploitable vulnerabilities.
- License compliance management specifically for open source components.
- Centralized management and configuration of security policies.
- Integration with CI/CD pipelines and development workflows.
- Vulnerability prioritization based on CVSS scores and exploitability assessments.
- Container image analysis and security evaluations.
- Automated management of dependency updates.
The platform offers distinct interfaces and workflows for both development and security teams. This setup enables each group to operate within their preferred environments while ensuring that security oversight is maintained.