Software Composition Analysis

Products: Black Duck, FlexNet Code Insight, Protecode Enterprise, WhiteSource, Veracode Software Composition Analysis, Nexus Auditor, SourceClear, FOSSA, Snyk

Software Composition Analysis Tools

Software Composition Analysis Tools Overview

What are Software Composition Analysis Tools?

Software Composition Analysis Tools scan software to inventory all open-source components. They then enable companies to eliminate vulnerabilities and compatibility issues with open-source licenses like GPL.

This becomes increasingly important as modern enterprise applications can comprise 80% to 90% open-source components. Given this ubiquity, the security and IP risks of open-source components can be very significant, and tools to help mitigate these risks become critically important.

Software Composition Analysis Products

Listings (1-9 of 9)

FlexNet Code Insight

We don't have enough ratings and reviews to provide an overall score.

FlexNet Code Insight is a software composition analysis tool allowing users to gain visibility and control of all open-source software. Detection of open-source material is based on comparing the source codebase with the contents of a compliance library.

Protecode Enterprise

We don't have enough ratings and reviews to provide an overall score.

Protecode Enterprise is a Software Composition Analysis product designed to automatically generate and maintain a list of all open-source components being used in the source code. It tracks and monitors vulnerabilities affecting these components and manages open-source license compliance.

WhiteSource

We don't have enough ratings and reviews to provide an overall score.

WhiteSource automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. It becomes part of the software development lifecycle (SDLC). According to the vendor, the product provides software development and security...

Veracode Software Composition Analysis

We don't have enough ratings and reviews to provide an overall score.

Veracode Software Composition Analysis builds an inventory of all open-source components to identify vulnerabilities, covering open source and commercial code.

Nexus Auditor

We don't have enough ratings and reviews to provide an overall score.

Sonatype Nexus Auditor is a software composition analysis tool that scans to build a repository of components, and then checks security and licensing to ensure compliance.

SourceClear

We don't have enough ratings and reviews to provide an overall score.

SourceClear is a platform providing visibility and control over open-source code, and allowing teams to collaborate in remediating security and compliance issues.

FOSSA

We don't have enough ratings and reviews to provide an overall score.

FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance.

Snyk

We don't have enough ratings and reviews to provide an overall score.

Snyk is a software composition analysis tool designed to find vulnerabilities in source code stored in repositories like GitHub.