Draft:Mend.io

Submission declined on 20 April 2025 by Jlwoodwa (talk). Your draft shows signs of having been generated by a large language model, such as ChatGPT. Their outputs usually have multiple issues that prevent them from meeting our guidelines on writing articles. These include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way to do it is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Jlwoodwa 47 hours ago. Last edited by KylieTastic 46 hours ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 20 April 2025 by Theroadislong (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: in-depth (not just brief mentions about the subject or routine announcements) reliable secondary strictly independent of the subject Make sure you add references that meet all four of these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia. Declined by Theroadislong 2 days ago.

• Comment: press releases are not independent sources. Theroadislong (talk) 08:38, 20 April 2025 (UTC)

Mend.io, formerly known as WhiteSource, is a privately held software security company specializing in application security and open-source software security.^[1] Founded in 2011 by Rami Sass, Ron Rymon, and Azi Cohen, the company is dual-headquartered in Tel Aviv, Israel, and Boston, Massachusetts.^[1] Mend.io provides an application security platform that helps organizations detect and remediate vulnerabilities in both open-source components and custom code. It has been described as a pioneer in open-source security and software composition analysis (SCA) solutions,^[1] and has expanded its offerings into broader application security including static application security testing (SAST), container security testing and AI security.

WhiteSource was founded in 2011 by Rami Sass (CEO), Ron Rymon, and Azi Cohen with the goal of automating open-source component management for security and compliance.^[1] The company’s software composition analysis tool gained adoption among enterprises for helping developers track open-source libraries, licensing, and known vulnerabilities without slowing development.^[1] By 2018, WhiteSource had over 500 customers, including 23% of Fortune 100 companies, and offices in Tel Aviv, New York, and Boston.^[1]

In October 2018, the company raised a $35 million Series C funding round led by Susquehanna Growth Equity with participation from 83North and Microsoft’s M12 venture fund, bringing its total funding at the time to $46 million.^[1] In the years following, WhiteSource broadened its focus beyond dependency scanning, acquiring multiple companies to add automated dependency updating and static code analysis capabilities.

In April 2021, WhiteSource acquired Diffend, a software supply chain security startup focused on detecting malicious open-source packages.^[2] The same year, WhiteSource closed a $75 million Series D investment led by Pitango Growth, with participation from existing investors M12, Susquehanna, and 83North. This brought the company’s total funding to over $120 million.^[3]

By early 2022, WhiteSource had added static code scanning to its platform. In February 2022, it acquired two European application security startups: Xanitizer (Germany) and DefenseCode (Croatia), enabling static application security testing (SAST) for proprietary code.^[4] These acquisitions marked WhiteSource’s expansion from open-source scanning into vulnerability detection for internal codebases.

In May 2022, the company rebranded as Mend (stylized as Mend.io), reflecting its evolution into a broader application security platform centered on automated remediation.^[5][6] Alongside the rebranding, Mend launched what it described as the industry’s first platform to offer automated remediation for both open-source and custom code vulnerabilities.^[5] CEO Rami Sass explained that the new name symbolizes the company’s goal to help developers “fix” vulnerabilities efficiently by integrating security automation into developer workflows.^[6]

In December 2023, Mend acquired Israeli startup Atom Security, a container security firm specializing in agentless reachability analysis. The acquisition price was not disclosed but was reported as “several million dollars.”^[7] The Atom Security deal was Mend’s fifth acquisition in a span of three years.^[7]

As of 2024, Mend.io reports over 1,000 customers worldwide, including approximately one-quarter of the Fortune 100.^[6] Its client base includes global enterprises such as Microsoft, IBM, Comcast, and KPMG.^[1] The company also maintains a network of channel and technology partners to help scale and integrate its solutions across industries.

Mend.io offers an integrated application security platform that includes several major components:

Mend.io’s original offering is a Software Composition Analysis (SCA) tool that scans open-source dependencies in software projects for known vulnerabilities and license compliance issues.^[1][8] The company maintains a large vulnerability database covering millions of open-source components across more than 200 languages.^[8] The platform can automatically generate pull requests to fix vulnerable libraries, an approach pioneered by WhiteSource to reduce the remediation burden on developers.^[4] This feature helps minimize alert fatigue by offering guided, one-click fixes to developers.

After 2021, Mend.io expanded into proprietary code scanning through the acquisitions of Xanitizer and DefenseCode.^[4] The resulting SAST capabilities analyze source code or binaries for common vulnerabilities, including SQL injection and cross-site scripting (XSS). In 2022, Mend announced it was the first platform to offer automated remediation for SAST findings—providing developers with suggested code patches for vulnerabilities in proprietary code.^[9] This remediation-first approach is intended to accelerate vulnerability resolution within development workflows.^[9]

Mend.io’s supply chain security tools help protect against threats in open-source ecosystems. The Supply Chain Defender module—based on Diffend’s technology—can detect and block risky open-source packages before they are integrated into builds.^[2] For example, Mend's plugin for JFrog Artifactory can prevent the inclusion of suspicious npm or Ruby gems that may contain malware or are part of typosquatting attacks.^[2] These capabilities gained urgency after incidents like the SolarWinds attack. Mend combines supply chain data with SCA and SAST results to provide a holistic view of application risk.^[2]

Following the 2023 acquisition of Atom Security, Mend.io introduced container security features under its platform, sometimes referred to as “Mend Container.” Atom’s agentless reachability analysis enables Mend to prioritize vulnerabilities in container images based on runtime likelihood—without requiring runtime instrumentation.^[7]

In June 2024, Mend launched Mend AI, a product focused on securing artificial intelligence components within software.^[10] Mend AI can automatically discover and catalog AI/ML assets such as pre-trained models, AI frameworks, RAGs, and AI agents.^[11] The tool analyzes each component for licensing, known vulnerabilities, and other security or compliance risks.^[11] Mend AI produces an “AI Bill of Materials” (AI-BOM), giving organizations visibility into AI software elements and enabling them to apply governance and security policies.^[10]

Mend.io emphasizes automation and seamless integration into development workflows. Its platform offers connectors for GitHub, GitLab, Bitbucket, Azure DevOps, and CI/CD tools, embedding security into the software development lifecycle.^[9] By prioritizing actionable results and fix automation, Mend aims to help developers and DevOps teams address vulnerabilities without disrupting productivity.^[9]

Mend.io (formerly WhiteSource) has expanded its technology portfolio through several strategic acquisitions:

• Renovate (2019): In November 2019, WhiteSource acquired Renovate, an open-source dependency update tool developed by Rhys Arkins.^[12] Renovate automates the process of detecting outdated libraries and creating pull requests to update them. WhiteSource made the tool's commercial features freely available and rebranded it as WhiteSource Renovate. The acquisition added automated dependency management capabilities to WhiteSource's SCA product, helping developers proactively reduce risks from outdated components.

• Diffend (2021): In April 2021, WhiteSource acquired Diffend, a stealth-mode startup focused on software supply chain security.^[2] Diffend developed technology to detect malicious or anomalous open-source packages, such as typosquatting attacks or hidden malware. Its features became the basis for Mend’s supply chain security module (often referred to as Mend Supply Chain Defender).^[2] The acquisition addressed increasing concerns over supply chain attacks and enabled Mend to vet open-source components before use.

• Xanitizer (2022): In January 2022, WhiteSource acquired Xanitizer, a German company known for high-precision static application security testing (SAST).^[4] Xanitizer specialized in low-false-positive detection of code vulnerabilities in languages such as Java and C#. The acquisition provided WhiteSource with a mature SAST engine and supported its transition into proprietary code scanning.

• DefenseCode (2022): In early 2022, WhiteSource also acquired DefenseCode, a Croatian application security company.^[4]

• Atom Security (2023): In December 2023, Mend.io acquired Atom Security, an Israeli startup specializing in container security.^[7] Founded earlier in 2023, Atom developed an agentless reachability analysis engine that predicts which vulnerabilities in container images are likely to be triggered during runtime—without requiring runtime instrumentation. ^[13] The deal was valued at “several million dollars” and marked Mend’s fifth acquisition in three years.^[7] Atom’s co-founders joined Mend, with co-founder Bar-El Tayouri becoming Head of Mend AI following the acquisition. Atom’s technology was integrated into Mend’s container security products, enhancing prioritization of exploitable vulnerabilities. ^[7]

These acquisitions supported Mend’s strategy to offer a unified and comprehensive application security platform. Renovate improved developer maintenance workflows; Diffend addressed supply chain risks; Xanitizer and DefenseCode expanded into proprietary code security; and Atom Security bolstered cloud-native and container security. The company reportedly invested “tens of millions of dollars” across these acquisitions.^[14]

• Software composition analysis
• Static application security testing
• Software supply chain
• Application security