An integrated security solution that covers both open-source and proprietary code—from SCA to SAST

Mend

A solution that identifies and analyzes open-source license/vulnerability risks and code-level security weaknesses across source code, all from a single dashboard.

According to multiple recent studies, more than 80% of commercial software is built using open source, and many organizations struggle with license management, quality issues, and security vulnerabilities in open-source components. Mend (formerly WhiteSource) is an integrated security solution that not only provides SCA capabilities to detect and manage vulnerabilities in open-source components, but also offers static analysis (SAST) for in-house code—enabling organizations to address security risk more effectively. Mend has also been recognized as a Strong Performer among open-source vulnerability analysis solutions in Forrester’s WAVE report, a highly trusted global IT research publication.

Key Features

1. All-in-one security solution across open source and proprietary code
• Unified analysis of open-source component security/license issues and proprietary code security vulnerabilities

• Manage AppSec efficiently with SCA and SAST in a single platform

• Automatically generate SBOMs supporting both CycloneDX 1.4/1.5 and SPDX 2.2/2.3 international standards
2. Real-time vulnerability detection and remediation guidance
• Identify risk factors in open source and custom code using the latest threat intelligence

• Provide automated patch paths, alternative components, and code-fix guidance
3. Security automation optimized for the software lifecycle
• Security that integrates with IDEs and CI/CD pipelines without disrupting developer workflows

• Automatically enforce organizational security standards with policy-based approvals, blocks, and alerts
4. Intuitive reports and dashboards
• Provide visualization tools that reveal security, quality, and license risks at a glance

• Customized reports tailored to the perspectives of development, security, and legal teams
5. Support for a wide range of programming languages and frameworks
• Support analysis of more than 200 languages for SCA

• Support more than 30 programming languages for SAST
6. Detect security risk in AI/ML-based software
• Analyze security vulnerabilities in open-source libraries and frameworks included in AI models

• Identify AI-specific components and perform policy-based risk assessments
7. Container image security and cluster scanning
• Detect vulnerabilities and license risks in Docker and Kubernetes images

• Scan running images in clusters and automatically classify risky containers

Key Capabilities

1. Mend AI: Identify AI models embedded in applications
• Provide comprehensive coverage for more than 500,000 AI models registered on Hugging Face and Kaggle

• Identify dependencies and provide update intelligence for AI models

• Identify licenses and provide an AI-BOM for AI models
2. Mend SCA: Industry-leading open source (SCA) precision
• Detect emerging vulnerabilities faster through Mend’s proprietary vulnerability labs beyond public NVD lists

• Prevent legal disputes by identifying open-source software licenses

• Provide SBOMs in CycloneDX and SPDX formats, along with reports in various formats
3. Mend SAST: Powerful, fast detection of code-level security weaknesses (CWE)
• Support 27 languages and a wide range of frameworks including C/C++, Java, C#, and Python

• Real-time analysis and reporting through integration with developers’ repositories

• Prevent source code exfiltration through on-prem analysis with hybrid-cloud capabilities
4. Mend Container: Detect vulnerabilities in containerized applications
• Deliver comprehensive cloud security by combining static analysis with runtime environment analysis
5. Mend Renovate: Minimize security exposure through dependency updates
• Provide up-to-date open-source intelligence through automated PRs

• Ensure dependencies across all repositories stay current

Industries

Use Cases

1. Automotive
Standardize SBOM submission by release and license compliance checks to meet OEM supply-chain security requirements. Use policies to proactively block prohibited/high-risk licenses and maintain clear vulnerability management and remediation records.
2. Aerospace & Defense
Provide open-source identification, license obligation verification, vulnerability management, and SBOM delivery—requirements from the weapon system software development and management manual—within a single platform. Use pipeline policies and approval workflows to block license conflicts and high-risk vulnerabilities before release.
3. Financial Services
Standardize management of licenses and vulnerabilities across internal frameworks and external libraries through SCA and SAST. Automatically block policy violations and high-risk vulnerabilities in CI pipelines and retain release-by-release SBOMs. Accumulate remediation history and re-scan results as reports to quickly respond to internal controls and regulatory audits.
4. Semiconductor
Manage components of equipment control, field terminal, and portal software with an SBOM for each release. Verify inclusion of supplier modules and license obligations to replace conflicting elements early. Use pre-release quality gates to block critical vulnerabilities and prohibited licenses, reducing production downtime risk.
5. Healthcare
Document medical software components as an SBOM and track vulnerability and license status. Block high-risk items by policy and record remediation details and schedules in reports. Use these outputs to provide evidence for FDA 510(k) security requirements and to systematize post-submission Q&A responses.
6. Software & IT Services
Systematize software component and vulnerability management to meet EU Cyber Resilience Act (CRA) requirements. Prepare security evidence across design, development, and maintenance by generating release-level SBOMs, identifying and prioritizing vulnerabilities, and blocking usage through policy-based controls.

Key Clients

Aerospace & Defense
  • LIG Nex1 (LIG 넥스원)
