Guides
Protect AI models, data, and systems
Test for behavioral risks in conversational AI
Mitigating risks and future trends
AppSec types, tools, and best practices
Automating dependency updates
Manage open source code
Keep source code safe
Improve transparency, security, and compliance
Pre-production scanning and runtime protection
Secure containerized applications
Cloud Security Architecture: A Practical Guide
Learn about Cloud Security Architecture. Understand the importance, core principles, and threats to secure your cloud environment effectively.
From WhiteSource to Mend—A Rebrand Journey
From WhiteSource to Mend—A Rebrand Journey. Follow our evolution from open source to all code application security.
WhiteSource is Now Mend: You Code, We Cure
Mend, formerly WhiteSource, focuses on automating application security with a remediation-first approach for open source and custom code.
Vulnerability Remediation: A Practical Guide
Practical guide to vulnerability remediation for developers & security teams. Learn how to detect, prioritize, fix, & monitor vulnerabilities.
What is the NIST Supply Chain Risk Management Program?
Discover the NIST Supply Chain Risk Management Program.. Learn how to manage cybersecurity risks in digital supply chains effectively.
Why Vulnerability Management Must Go Beyond CVSS to Priority Scoring
Learn why vulnerability management must go beyond CVSS to priority scoring for better open source security and remediation prioritization.
AWS Targeted by a Package Backfill Attack
Discover how AWS was targeted by a malicious package backfill attack, the methods used by attackers, and how to protect against such attacks.
5 Vulnerability Assessment Scanning Tools: 5 Solutions Compared
Discover the top 5 vulnerability assessment scanning tools and learn how to prioritize and remediate vulnerabilities to secure your org.
Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation
Learn best practices for immediate remediation of the Spring4Shell vulnerability, including detection, and prioritization.
Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965
Learn about the Spring4Shell Zero-Day Vulnerability CVE-2022-22965 with information, updates, mitigation guidance, and more.
How To Set A Benchmark Of False Positives With SAST Tools
Learn how to set benchmarks for false positives in SAST tools to enhance application security and improve developer efficiency.
How To Address SAST False Positives In Application Security Testing
Address SAST false positives in your application security testing. Explore causes, preventive measures, and the benefits of using Mend SAST.
SAST vs. SCA: 7 Key Differences
Discover the 7 key differences between SAST and SCA tools in application security. Learn how they integrate into the SDLC process.
Mend SAST: The Next Generation of Application Security
Learn about our innovative approach to detecting and remediating custom code vulnerabilities for a more secure future.
Five Critically Important Facts About npm Package Security
Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.
CVE-2021-44142: Vulnerability in Samba Enables Bad Actors to Execute Arbitrary Code as Root
CVE-2021-44142 allows bad actors to execute arbitrary code as root on Samba. Learn about the vulnerability, exploit, and how to fix it.
