Guides
Protect AI models, data, and systems
Test for behavioral risks in conversational AI
Mitigating risks and future trends
AppSec types, tools, and best practices
Automating dependency updates
Manage open source code
Keep source code safe
Improve transparency, security, and compliance
Pre-production scanning and runtime protection
Secure containerized applications
AI Powered Remediation: Mend SAST Performs +46% Better Than Competitors
See how Mend SAST's AI powered automated remediation eliminates vulnerabilities with speed & accuracy.
Mend.io and JetBrains Partner to Bring Enhanced Code Security to Developers
Announcing a partnership between Mend.io and JetBrains for IDE and Qodana.
Mend Renovate Enterprise Cloud: Dependency Updates at Scale
Announcing the launch of our cloud-based solution for automated dependency updates.
CVSS 3.1 vs CVSS 4.0: A Look at the Data
CVSS base scores are up in the latest version of the scoring system. What does that mean for AppSec practitioners?
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.
Mend.io – Backstage Integration: Bringing Security Insights Where You Need Them
Backstage offers wide views and controls across the development process and with the Mend.io plugin, deep insights into application risks overall or by project.
The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security
This post covers the attack flow, how it happened, and the importance of supply chain security.
Benefits of VEX for SBOMs
SBOMs alone are overwhelming. Learn how VEX adds context, highlighting real threats for efficient risk management.
Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024
See why Mend.io is recognized as a Strong Performer in The Forrester Wave™ Software Composition Analysis (SCA) Q4 2024 report.
Infrastructure as Code: How It Works & Top Tools in 2025
Learn about Infrastructure as Code (IaC) best practices, benefits, and tools.
All About RAG: What It Is and How to Keep It Secure
Learn about retrieval-augmented generation, one complex AI system that developers are using.
Vital Signs of Software Dependencies: Understanding Package Health
Learn how package health data empowers developers to update safely and efficiently.
It‘s Cybersecurity Awareness Month-Let‘s Talk AppSec
October is Cybersecurity Awareness Month. Learn how to protect your software and reduce risks with AppSec tips.
Cybersecurity Awareness Month: AI Safety for Friends and Family
This blog is for your friends and family working outside of the security and technical industries.
Don’t Treat DAST Like Dessert
DAST is an essential part of a nutritious application security diet—not just a once-a-quarter treat.
The Power of Platform-Native Consolidation in Application Security
Streamline workflows, consolidate data, boost security posture, and empower developers to focus on innovation.
Join our subscriber list to get the latest news and updates
Thanks for signing up!