HONGKE Mend Application Security Platform

You focus on programming, we solve the problems!

We Cure.

By removing the burden of AppSec, we free up developers to build the apps that power the world.

Reduced Mean Time Between Failures
Developers use
Scale up to 10,000 developers in a matter of days

Quickly Remediate Critical Vulnerabilities

Automatically reduces software attack surface

Trusted prioritization and updates reduce software exposure by 90%

Reducing the burden on developers

No context switching and integrated native workflows eliminate time-consuming security research

Accelerated application delivery

Remediation time reduced by 80% to help developers meet demanding deadlines

Platform Advantage

Automatic Remediation

An industry first for both open source and custom code.

Seamless Integration

Native developer workflows in the repo and across the SDLC

Determine business priorities

Trustworthy algorithms to highlight real risks

Unlimited Expansion

Supports unlimited number of applications

Integrated Application Security

An intuitive interface across open source and custom code optimizes efficiency and convenience.

SAST

Our next-generation SAST product detects custom code defects 10 times faster than traditional SAST products. It seamlessly integrates with software developers' existing workflows and development environments so they can easily trigger security tests while writing code.

SCA

We are the market leader in SCA. From identifying open source components, including transitive dependencies, to automated remediation, we offer the most accurate and developer-friendly products on the market. Use open source resources freely and fearlessly without compromising security and agility.

Supply Chain Defender

Attacks on the software supply chain are on the rise. We block malicious open source software before your developers download it. Prevent typosquatting attacks, ATO attacks, Makefile pollution, Bitcoin mining and other forms of malicious activity.

Trusted by customers worldwide

Developer Community

We provide developers with the tools they need to realize a successful AppSec strategy.
Check out Renovate, our popular free tool that provides automated, proactive dependency updates to improve code quality and reduce technical debt.

FAQs

Product FAQ

Mend.io (formerly known as WhiteSource) is the maker of application security products that effortlessly protect content created by developers. Mend.io removes the burden of application security and enables teams to create and deliver high-quality, secure code.

The Mend Application Security Platform includes Mend SCA and Mend SAST.

Our plugin integrates with your repositories, build tools, CI servers and more. It calculates the digital signatures of all components without scanning the code. It then cross-references the digital signatures with those in the Mend.io database to detect open source components in your product. An up-to-date report is generated immediately with all components and issues detected.

If you have integrated Mend SCA with your build pipeline, a report is generated every time you run a build. If you have integrated Mend SCA with the developer's repository, Mend SCA detects and displays vulnerabilities as soon as code is written and/or pushed to the repository.

Our SAST product uses a hybrid architecture. It scans your software locally, so your source code never leaves your premises. Analytics, automated remediation, reporting and other functions are all done in the cloud. This gives you the best of both worlds - a local scanning program that gives you peace of mind and no management or maintenance headaches.

The Mend.io database is the largest and most mature open source vulnerability database. It contains over 300,000 vulnerable components aggregated from CVE/NVD and a variety of other sources such as the GitHub issue tracker, security bulletins, and open source project issue trackers.

Mend.io uses a proprietary, patented algorithm that matches each vulnerability to the affected version, ensuring that developer time is not wasted on false positives.

Yes, Mend.io automatically enforces policies throughout the software development process. You can define policies based on the severity of security vulnerabilities, open source license type, severity of software bugs, age of components, etc. You can approve, reject, start an approval flow or open issue tickets according to your conditions and definitions.

Additionally, Mend.io offers a browser extension that notifies developers whether a component complies with an organization's policies before it is downloaded.

We offer a variety of reports to help you monitor all your open source activities, such as inventory reports, due diligence reports, high severity error reports, vulnerability reports, and more.

Some plug-ins for Mend SCA can be used in isolated environments by generating an update request and saving the request locally as a text file. For these plug-ins, the files can later be moved to an online environment for automatic or manual updates.

Ask a HONGKE engineer for quick information.

Contact Hongke to help you solve your problems.