Ping Identity Transforms Software Security and Development Velocity with Mend.io

Ping Identity needs to ensure not only that their applications are protected, but that their applications won’t be a weak point in a supply chain attack on their customers. And like all modern tech businesses, they also need to manage the complications of open source licensing to keep their intellectual property safe and compelling to investors.

When Bruno Lavit joined Ping Identity in 2014 as the Director of Software Engineering and Release Manager, his team was manually scanning for vulnerabilities and tracking open source licenses. “After a few months, I said, ‘We have to automate this,'” Lavit recalls. Lavit and his team moved to evaluate potential vendors based on vulnerability detection, automated workflows and license compliance checks, comprehensive coverage, and ease of use.

Ping Identity chose Mend SCA to automate and strengthen their security practices, improving vulnerability detection and remediation. Mend.io’s container-scanning capabilities catered to Ping Identity’s cloud-native products, and its reports supported data-driven decision-making. Automated license checks ensured open source compliance, reducing legal risks.

The ease of Mend.io’s onboarding and integration aligned with Ping Identity’s need for a tool that could deliver instant results without disrupting their existing processes. “Mend SCA was really the best solution we found because it was fully automated. In a half an hour, we were able to scan the first product. It was really a click and play and really easy to use,” Lavit said.

The implementation of Mend SCA has delivered significant results for Ping Identity, transforming their approach to software security and vulnerability management. The platform has enabled them to strengthen their security posture with proactive identification and remediation of critical vulnerabilities, increase efficiency through automated workflows, and accelerate faster product releases.

Lavit noted, “Since we started using Mend.io, we are able to deliver products without any high CVEs.” He also highlighted the platform’s effectiveness in managing complex vulnerabilities like Log4J. “When something like Log4J is happening, they have good analysis on which version of ForgeRock (Ping Identity) is using the vulnerable library version,” he said.

Ping Identity provides identity and access management (IAM) solutions, helping organizations securely manage user identities and control access to applications and resources.