Best Dependency Security · pricing · Updated June 2026
Mend (formerly WhiteSource) pricing (2026)
Mend (formerly WhiteSource) publishes no self-serve price (quote-only), across 3 plans. Best for enterprise AppSec programs. Every figure links to Mend (formerly WhiteSource)'s own page and the date we captured it.
At a glance
- Entry price: Quote-only
- Free tier: No
- Compliance: HIPAA not stated · SOC 2 Yes · GDPR Yes
- Best for: enterprise AppSec programs; automated dependency hygiene; AI code security; Java/.NET heavy teams
Mend (formerly WhiteSource) plans & pricing
| Plan | Monthly | Annual | Billing | Notes | Source |
|---|---|---|---|---|---|
| Mend AppSec | Quote-only | — | Per seat | Up to $1,000/developer/year (billed annually), quote-driven so no fixed monthly price. Includes SAST, reachability-driven SCA, container scanning, AI-generated code security, AI-powered remediation, automated dependency updates. No per-scan or per-project fees. | mend.io |
| Mend AI | Quote-only | — | Per seat | Up to $300/developer/year (billed annually), quote-driven. AI component discovery (AI-BoM), system prompt hardening, automated red teaming, runtime guardrails, continuous AI governance. | mend.io |
| Mend Renovate Enterprise | Quote-only | — | Per seat | Up to $250/developer/year (billed annually), quote-driven. Automated dependency management, full-scale automation, Merge Confidence ratings, dedicated support. | mend.io |
Last verified 2026-06-18. Pricing re-verified at mend.io/pricing on 2026-06-18. The published prices for all three products are list-price maximums ('up to $X/dev/year') with actual cost quote-driven, so no monthly price is listed. Compliance from mend.io/trust: SOC 2 Type II (Schellman), ISO 27001/27017/27701, GDPR; HIPAA not mentioned.
Capabilities
Integrations: GitHub, GitLab, Bitbucket, Azure DevOps, Jenkins, Jira, ServiceNow, Docker, JFrog Artifactory, Microsoft Defender for Cloud.
Key features: Reachability-driven SCA to surface only exploitable vulnerabilities; Automated dependency updates via Mend Renovate (open-source core); AI security for AI-generated code and AI component governance; Unified SAST + SCA + container scanning under one per-developer price.
Plan limits: No per-scan or per-project limitations; No per-GB fees; Contributing developer = any employee/contractor accessing the UI or writing/modifying scanned code; Published prices are maximums; actual quotes may be lower.
Frequently asked questions
Does Mend (formerly WhiteSource) support HIPAA?
Mend (formerly WhiteSource) HIPAA support: not stated. SOC 2: Yes. GDPR: Yes.
Does Mend (formerly WhiteSource) have a free plan?
Mend (formerly WhiteSource) free tier: No.