Guides
Protect AI models, data, and systems
Test for behavioral risks in conversational AI
Mitigating risks and future trends
AppSec types, tools, and best practices
Automating dependency updates
Manage open source code
Keep source code safe
Improve transparency, security, and compliance
Pre-production scanning and runtime protection
Secure containerized applications
The Top 11 Web Vulnerability Scanners
Discover the top 11 web vulnerability scanners and learn why they are essential for protecting your web applications from hackers.
Securing AI vs AI for security: What are we talking about?
This post breaks down the differences between securing AI, secure AI use, AI for security, and AI safety.
Fake VS Code Extension on npm Spreads Multi-Stage Malware
Learn about a fake VS-code extension on npm—truffelvscode—typosquatting the popular truffle for VS-code extension.
2025 OWASP Top 10 for LLM Applications: A Quick Guide
An overview of the top vulnerabilities affecting large language model (LLM) applications.
AI Powered Remediation: Mend SAST Performs +46% Better Than Competitors
See how Mend SAST's AI powered automated remediation eliminates vulnerabilities with speed & accuracy.
Mend.io and JetBrains Partner to Bring Enhanced Code Security to Developers
Announcing a partnership between Mend.io and JetBrains for IDE and Qodana.
Mend Renovate Enterprise Cloud: Dependency Updates at Scale
Announcing the launch of our cloud-based solution for automated dependency updates.
CVSS 3.1 vs CVSS 4.0: A Look at the Data
CVSS base scores are up in the latest version of the scoring system. What does that mean for AppSec practitioners?
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.
Mend.io – Backstage Integration: Bringing Security Insights Where You Need Them
Backstage offers wide views and controls across the development process and with the Mend.io plugin, deep insights into application risks overall or by project.
The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security
This post covers the attack flow, how it happened, and the importance of supply chain security.
Benefits of VEX for SBOMs
SBOMs alone are overwhelming. Learn how VEX adds context, highlighting real threats for efficient risk management.
Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024
See why Mend.io is recognized as a Strong Performer in The Forrester Wave™ Software Composition Analysis (SCA) Q4 2024 report.
Infrastructure as Code: How It Works & Top Tools in 2025
Learn about Infrastructure as Code (IaC) best practices, benefits, and tools.
All About RAG: What It Is and How to Keep It Secure
Learn about retrieval-augmented generation, one complex AI system that developers are using.
Vital Signs of Software Dependencies: Understanding Package Health
Learn how package health data empowers developers to update safely and efficiently.
Join our subscriber list to get the latest news and updates
Thanks for signing up!
