Mend.io Named a Strong Performer and a Customer Favorite in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025

In first-ever Forrester SAST Wave appearance, Mend.io earns top scores for Innovation and Triage, while customers praise platform simplicity and support

BOSTON, MA, September 9, 2025 - Mend.io, the leader in application security for modern software development, today announced its recognition as a Strong Performer in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025. In its first appearance in the Forrester evaluation, Mend.io earned top scores in the Innovation and Triage criteria, while being highlighted as a customer favorite.

The report evaluated 10 of the most significant SAST vendors against 23 criteria grouped into two categories: Current Offering and Strategy. Additionally, Forrester engages with customers directly to get first-hand product and vendor feedback. Forrester noted that Mend.io is “ideal for enterprises that want the simplicity of a platform with great customer support.”

“Being named a Strong Performer is both validation and momentum,” said Rami Sass, CEO and Co-founder of Mend.io. “This recognition reflects how we’ve transformed the application security experience for our customers, eliminating friction and advancing AI-native SAST to keep pace with evolving software and threats.”

Renovated Engine, Real Results

Forrester noted Mend.io’s upgraded SAST engine, now supporting Java, Python, C#, and JavaScript. The update offers higher accuracy, better detection rates, and fewer false positives, easing the burden on security teams. This upgrade goes beyond technical tweaks: it’s built for the speed and scale of modern development, directly addressing the rise of AI-generated code that traditional static analysis can’t keep up with.

Where Innovation Meets Developer Workflow

Mend.io’s top score in Innovation reflects its approach to making security actionable rather than aspirational. The platform delivers AI-based remediation directly where developers work, in IDEs, pull requests, JIRA tickets, and the Mend platform itself, ensuring fixes happen at the speed AI code is written.

This innovation extends beyond remediation to the fundamental challenge of scale: ensuring SAST can keep pace with the new volume and velocity of code, particularly as AI reshapes both development and security. When vulnerabilities surface, fixes need to follow immediately, matching the unprecedented speed at which modern software is created.

This is why the company has also pioneered AI component security and red teaming capabilities that expose behavioral risks unique to AI-driven applications. These features address an entirely new class of vulnerabilities that traditional SAST tools miss. 

“Security teams don’t need more dashboards showing problems,” added Sass. “They need solutions that fix those problems without breaking stride. That’s what continues to drive every decision in our SAST development.”

Customer Trust Drives Success

Recognition from analysts matters, but what matters more is trust from the people using the Mend.io platform every day. Customers consistently praise the company’s onboarding, ongoing support, and simplicity. That combination is why Mend.io was named a customer favorite. From first evaluation to full rollout, customers trust Mend.io to make security fast, accurate, and seamless, without slowing innovation.

About Mend.io

Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase.