Mend.io Blog

Announcing the launch of our cloud-based solution for automated dependency updates.

CVSS base scores are up in the latest version of the scoring system. What does that mean for AppSec practitioners?

An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.

Backstage offers wide views and controls across the development process and with the Mend.io plugin, deep insights into application risks overall or by project.

This post covers the attack flow, how it happened, and the importance of supply chain security.

SBOMs alone are overwhelming. Learn how VEX adds context, highlighting real threats for efficient risk management.

See why Mend.io is recognized as a Strong Performer in The Forrester Wave™ Software Composition Analysis (SCA) Q4 2024 report.

Learn about Infrastructure as Code (IaC) best practices, benefits, and tools.

Learn about retrieval-augmented generation, one complex AI system that developers are using.

Learn how package health data empowers developers to update safely and efficiently.

October is Cybersecurity Awareness Month. Learn how to protect your software and reduce risks with AppSec tips.

This blog is for your friends and family working outside of the security and technical industries.

DAST is an essential part of a nutritious application security diet—not just a once-a-quarter treat.

Streamline workflows, consolidate data, boost security posture, and empower developers to focus on innovation.

A quick guide to the Known Exploited Vulnerabilities (KEV) catalog.

Explore our application security complete guide and find key trends, testing methods, best practices, and tools to safeguard your software.