Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Software Composition Analysis Tools
Software Composition Analysis Tools Overview
What are Software Composition Analysis Tools? Software Composition Analysis Tools scan software to inventory all of its open-source components. They then enable companies to eliminate vulnerabilities and resolve compatibility issues with open-source licenses such as the GPL.
This becomes increasingly important as modern enterprise applications can comprise 80% to 90% open-source components. Given this ubiquity, the security and IP risks of open-source components can be very significant, and tools to help mitigate these risks become critically important.
Software Composition Analysis Products
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.
FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance.
Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software.
FlexNet Code Insight is a software composition analysis tool allowing users to gain visibility and control of all open-source software. Detection of open-source material is based on comparing the source codebase with the contents of a compliance library.
WhiteSource is a solution for agile open source security and license compliance management. WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulne…
The Sonatype Nexus Platform is a software composition analysis tool that scans to build a repository of components, and then checks their security and licensing to ensure compliance.
JFrog Xray provides multilayer analysis of containers and software artifacts for vulnerabilities, license compliance and quality assurance, and continuously governs and audits all artifacts consumed and produced in the CI/CD pipeline.
Kiuwan, an Idera company, offers Insights, a software composition analysis application designed to reduce risk from third-party components. It helps remediate vulnerabilities, ensure license compliance, and automate policies throughout the SDLC.
WhiteSource Renovate is a free dependency update solution for software developers that automatically resolves outdated dependencies, saving developers' time, reducing risk, and mitigating the impact of security vulnerabilities.
WhiteSource Bolt for GitHub/Azure DevOps is a free app/extension which scans projects and detects vulnerable open source components. Not only that, but it also provides actionable, validated remediation paths to enable quick resolution. WhiteSource Bolt includes support for over 200 programming lang…
Snyk is a software composition analysis tool designed to find vulnerabilities in source code stored in repositories like GitHub, or to provide container security and vulnerability protection.
Sentinel, from WhiteHat Security headquartered in Santa Clara, California, is an application security and testing platform. Individual components provide software composition analysis, static code analysis, license checking and vulnerability scanning, and support for mobile application security test…