Table of contents
What Being a Customer Favorite in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 Really Means

Our customers have been telling us for months: “You’ve made security simple.”
Today, Forrester confirmed what our customers already knew.
Mend.io has been recognized as a Strong Performer in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025. In our first appearance in the evaluation, we earned top scores in Innovation and Triage. But the recognition that matters most? Being highlighted as a customer favorite.
Trust isn’t given, it’s earned
Forrester noted that Mend.io is “ideal for enterprises that want the simplicity of a platform with great customer support.”
That word – simplicity – might seem modest in a world obsessed with complexity. But achieving simplicity in application security is perhaps the hardest engineering challenge we’ve tackled. It requires understanding not just technology, but the humans who use it every day.
Our customers consistently praised our guidance during selection, smooth onboarding, and ongoing support. They told Forrester what they’ve been telling us: that we help enterprises maximize value from day one.This is the result of thousands of conversations, iterations, and a fundamental belief that security should enable developers, not obstruct them.
The engine built for tomorrow’s code
Our top score in Innovation reflects something deeper than feature velocity. It represents our commitment to solving problems others aren’t addressing.
This is why in their report Forrester also noted that our renovated SAST engine is a major leap forward in accuracy and detection. We couldn’t agree more. Supporting Java, Python, C#, and JavaScript, it delivers the precision teams need while reducing the false positive noise that drowns productivity. But this upgrade is more than incremental, it reflects our strategy to equip SAST for the AI era.
As development teams adopt AI-assisted coding at scale, traditional static analysis must evolve. Mend.io is leading that evolution by combining:
- Higher precision engines that reduce noise and surface only the vulnerabilities that matter.
- AI-based remediation delivered in IDEs, PRs, the platform, and JIRA, ensuring fixes happen at the speed AI code is written.
- AI component security and red teaming to expose hidden risks in AI-generated or AI-driven codebases.
With this approach, we’ve made it so Mend SAST not only detects more but also keeps developers in control as AI accelerates software creation.
Future ready SAST
Being named a Strong Performer is validation, but it’s also momentum. We’ll continue to advance the frontiers of AI-native application security, where accuracy, speed, and customer partnership converge. This is only the beginning. We’re continuously reimagining SAST for the AI era, with ongoing investments to ensure it keeps pace with how software, and threats, are evolving.
But here’s what excites me most: our customers are pushing us to think bigger. They’re asking questions we haven’t considered. They’re sharing challenges we haven’t encountered. They’re partners in the truest sense, helping us build the future of application security together.
To all of our customers: your trust humbles us and your feedback drives us forward.
To those evaluating SAST solutions: I invite you to experience why we’re a customer favorite.
Not because an analyst said so, but because the enterprises using our platform every day wouldn’t have it any other way.