Mend (formerly WhiteSource)

Mend Renovate scans the repo for outdated dependencies.

Renovate checks for breaking changes and tests the new version.

A Pull Request is automatically generated.

CI tests run on the PR.

The PR is merged if tests pass.

Mend scans all open-source libraries in the build.

Policies detect a 'GPLv3' license.

The build is automatically failed in Jenkins.

A report is sent to the legal team for review.

Developers are notified to find an MIT-licensed alternative.

Security team searches the Mend dashboard for the specific CVE.

Mend lists every application and container containing the library.

One-click 'Remediate All' triggers update PRs across all repositories.

Real-time tracking monitors the patching progress globaly.

Developer writes code in VS Code.

Mend extension highlights a vulnerable library in real-time.

Developer selects 'Update version' from the IDE menu.

Vulnerability is resolved before the code is even committed.

Mend scans the Dockerfile and final image in the registry.

Identify vulnerable Linux packages (e.g., OpenSSL).

Recommend the most secure base image version.

Block deployment of high-risk containers to Kubernetes.

Mend runs Reachability Analysis on the codebase.

Filters out vulnerabilities where the code path never touches the flawed library.

Team focuses exclusively on the 'Reachable' 15% of alerts.

Productivity increases as non-critical noise is removed.

Mend is used to scan the target's entire codebase.

Generate a comprehensive report on security debt and license risks.

Determine the cost of remediation before finalizing the acquisition.