Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017 but sold again by Broadcom after Broadcom acquired CA Technologies.
Software Composition Analysis Tools
Software Composition Analysis Tools Overview
What are Software Composition Analysis Tools?
Software Composition Analysis Tools scan software to inventory all open-source components. They then enable companies to eliminate vulnerabilities and compatibility issues with open-source licenses like GPL.
This becomes increasingly important as modern enterprise applications can comprise 80% to 90% open-source components. Given this ubiquity, the security and IP risks of open-source components can be very significant, and tools to help mitigate these risks become critically important.
Software Composition Analysis Products
Listings (1-13 of 13)
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software.
Sentinel, from WhiteHat Security headquartered in Santa Clara, California, is an application security and testing platform. Individual components provide software composition analysis, static code analysis, license checking and vulnerability scanning, and support for mobile application security t...
FlexNet Code Insight is a software composition analysis tool allowing users to gain visibility and control of all open-source software. Detection of open-source material is based on comparison of source codebase with the contents of a compliance library.
WhiteSource is a solution for agile open source security and license compliance management. WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vu...
The Sonatype Nexus Platform is a software composition analysis tool that scans to build a repository of components, and then checks security and licensing to ensure compliance.
SourceClear is a platform providing visibility and control over open-source code, and allowing teams to collaborate in remediating security and compliance issues.
FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance.
Snyk is a software composition analysis tool designed to find vulnerabilities in source code stored in repositories like GitHub, or to provide container security and vulnerability protection.
CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.
WhiteSource Bolt for GitHub/Azure DevOps is a free app/extension, which scans projects and detects vulnerable open source components. Not only that, but it also provides actionable, validated remediation paths to enable quick resolution. WhiteSource Bolt includes support for over 200 programming l...
JFrog Xray Multilayer provides analysis of containers and software artifacts for vulnerabilities, license compliance and quality assurance, and continuously governs and audits all artifacts consumed and produced in the CI/CD pipeline.