The Sonatype Nexus Platform is a software composition analysis tool that scans to build a repository of components, and then checks security and licensing to ensure compliance. Sonatype acquired MuseDev in March 2021 to expand the capabilities of the Nexus platform. Current modules available on the…
CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.
I use FOSSA to scan the licenses of software I use for a side-project of mine. Overall the automated scans and emails work great! It is nice to have the peace of mind that the licenses used to create our software are all above board and cleared for redistribution/re-use. We link it to GitHub, so every push gets scanned by FOSSA as part of our quality control process.
The only issue we have had is sometimes the web app is too slow, and that causes issues with us wanting to continue to use FOSSA over going with another tool. That is the only problem. I noticed it happened more recently, but if that is solved now or will be solved, I would 100% recommend this tool to anyone!