Software Composition Analysis

1. Veracode
2. Black Duck
3. CAST Highlight
4. FOSSA
5. Checkmarx
6. FlexNet Code Insight
7. WhiteSource
8. Sonatype Nexus Platform
9. JFrog Xray
10. Kiuwan Insights
11. WhiteSource Renovate
12. WhiteSource Bolt
13. Snyk
14. WhiteHat Sentinel

Software Composition Analysis Tools

Software Composition Analysis Tools Overview

What are Software Composition Analysis Tools?

Software Composition Analysis Tools scan software to inventory all of its open-source components. They then enable companies to eliminate vulnerabilities and compatibility issues with open-source licenses like GPL.

This becomes increasingly important as modern enterprise applications can comprise 80% to 90% open-source components. Given this ubiquity, the security and IP risks of open-source components can be very significant, and tools that help mitigate these risks become critically important.

Software Composition Analysis Products

Listings (1-14 of 14)

8 Ratings

Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.

1 Rating

FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance.

We don't have enough ratings and reviews to provide an overall score.

FlexNet Code Insight is a software composition analysis tool allowing users to gain visibility and control of all open-source software. Detection of open-source material is based on comparison of source codebase with the contents of a compliance library.

We don't have enough ratings and reviews to provide an overall score.

WhiteSource is a solution for agile open source security and license compliance management. WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulne…

We don't have enough ratings and reviews to provide an overall score.

The Sonatype Nexus Platform is a software composition analysis tool that scans to build a repository of components, and then checks security and licensing to ensure compliance.

We don't have enough ratings and reviews to provide an overall score.

JFrog Xray Multilayer provides analysis of containers and software artifacts for vulnerabilities, license compliance and quality assurance, and continuously governs and audits all artifacts consumed and produced in the CI/CD pipeline.

We don't have enough ratings and reviews to provide an overall score.

Idera company Kiuwan offers Insights, a software composition analysis application designed to reduce risk from third-party components. Remediate vulnerabilities and ensure license compliance. Automate policies throughout the SDLC.

We don't have enough ratings and reviews to provide an overall score.

WhiteSource Renovate is a free dependency update solution for software developers that automatically resolves outdated dependencies, saving developers’ time, reducing risk, and mitigating the impact of security vulnerabilities.

We don't have enough ratings and reviews to provide an overall score.

WhiteSource Bolt for GitHub/Azure DevOps is a free app/extension, which scans projects and detects vulnerable open source components. Not only that, but it also provides actionable, validated remediation paths to enable quick resolution. WhiteSource Bolt includes support for over 200 programming lang…

We don't have enough ratings and reviews to provide an overall score.

Snyk is a software composition analysis tool designed to find vulnerabilities in source code stored in repositories like GitHub, or to provide container security and vulnerability protection.

We don't have enough ratings and reviews to provide an overall score.

Sentinel, from WhiteHat Security headquartered in Santa Clara, California, is an application security and testing platform. Individual components provide software composition analysis, static code analysis, license checking and vulnerability scanning, and support for mobile application security test…