Mend

New York, NY, USA
2011
Dec 1, 2022   |  By Rami Sass
Announced today at AWS re:Invent, Amazon CodeCatalyst brings together everything software development teams need to plan, code, build, test and deploy applications on AWS into a streamlined, integrated experience.
Nov 30, 2022   |  By Patricia Johnson
Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift-left practices in the DevOps pipeline and discuss how to shift left your open source security and compliance testing.
Nov 22, 2022   |  By Adam Murray
The ongoing growth in the adoption of cloud services poses escalating opportunities and risks in equal measure. The increased capacity and scalability of cloud environments lend themselves to an accelerated pace and higher volume of software and application development than ever before. This trend brings into play a huge increase in the number of software components and dependencies that developers use in their code bases.
Nov 21, 2022   |  By Jeanette Sherman
We’re proud to announce that Bitbucket Cloud users can now unlock the full power of Mend for automatic detection and remediation of open source risk. With the release of our new Bitbucket Cloud integration in the Atlassian Marketplace, Mend now makes it possible for developers to find and eliminate vulnerabilities, all while staying in their Bitbucket Cloud repositories.
Nov 17, 2022   |  By Carol Hildebrand
This is the fifth of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. While IT and security professionals all generally agree that cyberattacks are on the rise, there remains a great deal of disparity in how they choose to prepare for those attacks.
Nov 16, 2022   |  By Ayala Goldstein
Static Application Security Testing (SAST) has been a central part of application security efforts for more than 15 years. Forrester’s State Of Application Security Report, 2022 found that lacking application security remains a leading cause of external security breaches, so it’s safe to say that SAST will be in use for the foreseeable future.
Nov 16, 2022   |  By Adam Murray
Static Application Security Testing (SAST) has been a central part of application security efforts for more than 15 years. Forrester’s State Of Application Security Report, 2022 found that lacking application security remains a leading cause of external security breaches, so it’s safe to say that SAST will be in use for the foreseeable future.
Nov 10, 2022   |  By Adam Murray
The modern approach to application security includes strategies and technologies that help development teams prioritize the vulnerabilities they should address and fix. By giving these teams tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite, got together for a fireside chat to discuss how to implement these strategies.
Nov 7, 2022   |  By Cobi Tal
Here at Mend, we work with businesses of different sizes and maturity across a wide variety of industry sectors, such as healthcare, finance, manufacturing, construction, media, software, and more. One thing they have in common is that they are all involved in software development in one form or another. They use code and software components and dependencies within a DevOps environment to create both internal and customer-facing applications.
Nov 4, 2022   |  By Adam Murray
DevSecOps has become one of the hottest buzzwords in the DevOps ecosystem over the past few years. In the abstract, it’s easy to understand what DevSecOps means and why people care about it: it’s a strategy that extends DevOps efficiencies to software security. But when you sit down and actually start implementing DevSecOps, things can get trickier. There is no switch you can flip to go from DevOps to DevSecOps. Implementation requires a set of tools and practices.
Oct 31, 2022   |  By Mend
The video describes how to use async inventory reporting for Accounts with multiple organizations and how to filter a report by library name before generation for a project, product, or organization using the Mend UI.
Oct 28, 2022   |  By Mend
Are you using JetBrains WebStorm? Mend can integrate with your IDE and quickly detect open source artifacts and their known vulnerabilities. Mend also provides all the information you need to fix these artifacts automatically.
Oct 28, 2022   |  By Mend
The video describes how to use async inventory reporting for Accounts with multiple organizations and how to filter a report by library name before generation for a project, product, or organization using the Mend UI.
Sep 13, 2022   |  By Mend

This video in the series describes how the Mend Unified Agent can be used to check and fail CI/CD pipelines when open source vulnerabilities and licensing risks are detected.

Aug 17, 2022   |  By Mend
This video in the series describes how Mend can integrate with Artifactory to detect and block malicious packages before they are downloaded.
Jun 30, 2022   |  By Mend
CEO and co-founder of Mend, Rami Sass, discusses the company's evolution, the Mend platform's capabilities, and more on the exhibit floor at RSAC 2022.
Jun 15, 2022   |  By Mend
Mend company celebration of the launch of its rebrand, from WhiteSource Software to Mend. Mend effortlessly secures what developers create. We remove the burden of application security, allowing teams to meet the need to create and deliver quality, secure code faster.
May 31, 2022   |  By Mend
CEO & co-founder Rami Sass speaks at the company celebration of the rebrand from WhiteSource Software to Mend.
May 25, 2022   |  By Mend
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.
Apr 13, 2022   |  By Mend
Are you struggling to fix vulnerabilities in transitive dependencies? WhiteSource can integrate with your repository and provide automatic pull requests with fix recommendations for transitive dependencies.
Jul 1, 2020   |  By Mend
Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another. We decided to address this debate and put it to the test by researching WhiteSource's comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why.
Jul 1, 2020   |  By Mend
We surveyed over 650 developers, and collected data from the NVD, security advisories, peer-reviewed vulnerability databases, issue trackers and more, to gather the latest industry insights in open source vulnerability management.
Jun 1, 2020   |  By Mend
Developers across the industry are stepping up to take more responsibility for their code's vulnerability management. In this report we discuss trends in how security is shifting left to the earliest stages of development, putting developers in the front seat. We explore the growth of automated tools aimed at helping developers do more with fewer resources and look for answers on what is needed to help close the gap from detection to remediation.
Jun 1, 2020   |  By Mend
Software development teams are constantly bombarded with an increasingly high number of security alerts. Unfortunately, there is currently no agreed-upon strategy or straightforward process for vulnerability prioritization. This results in a lot of valuable development time wasted on assessing vulnerabilities, while the critical security issues remain unattended.

No component overlooked. Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.

Not all vulnerabilities are created equal. Mend prioritizes vulnerabilities based on whether your code utilizes them or not, so you know exactly what needs your attention the most. This reduces security alerts by up to 85%, allowing you to remediate more critical issues faster.

Complete Platform:

  • Mend Core: We help you keep things in order. Mend is built to streamline your open source governance. With a full layer of alerting, reporting and policy management, you are effortlessly secure and always in control.
  • Mend for Developers: Mend for Developers is uniquely designed to simplify developers’ work, while keeping the code secure. Its suite of tools helps speed up integration, find problematic components, and remediate them quickly and easily.
  • Mend for Containers: Mend integrates into all stages of the container development lifecycle, including container registries and Kubernetes with automated policy enforcement for maximum visibility and control.

The simplest way to secure and manage open source components in your software.