Software Composition Analysis Tools

Best Software Composition Analysis Tools include:

Black Duck, JFrog Xray, WhiteSource, Sonatype Nexus Platform, FlexNet Code Insight, FOSSA, Snyk, and WhiteSource Bolt.

Software Composition Analysis Tools Overview

What are Software Composition Analysis Tools?

Software Composition Analysis (SCA) tools scan an application's source tree and build artifacts to inventory the open-source components it depends on, including transitive dependencies pulled in by other libraries. Against that inventory they flag components with known vulnerabilities and components whose licenses (copyleft licenses such as the GPL, for example) conflict with how the software will be distributed, so that teams can upgrade, replace, or otherwise remediate them.

This matters because modern enterprise applications can consist of 80% to 90% open-source components by volume. Given that ubiquity, the security and intellectual-property risk carried by open-source components can be very significant, and tools that help inventory and mitigate that risk become critically important.
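The two steps described above, inventory first and then vulnerability and license checks against it, are easiest to see in a small worked script. The following is an added example written for this page, not the code of any vendor listed below. The requirements manifest, the advisory records (the DEMO-ADV-* identifiers are placeholders, not real CVEs), the license table, and the copyleft deny-list policy are all constructed for the example; real SCA tools draw the same information from advisory feeds and package metadata instead.

```python
"""Minimal software-composition-analysis pass over a pip requirements manifest.

Added illustration, not any vendor's product. Step 1 inventories the
third-party components a project pins; step 2 checks that inventory against
known-vulnerability data and a license policy. All data below is constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample manifest in requirements.txt format. The unpinned
# "flask>=2.0" line is deliberate: an inventory must not guess a version.
SAMPLE_REQUIREMENTS = """\
# web stack
requests==2.25.0
urllib3==1.26.3
flask>=2.0
# parsing
pyyaml==5.3.1  # pinned for a legacy config loader
some-gpl-lib==1.0.0
"""

# Constructed advisory records: (package, first affected, first fixed, id, severity).
# The identifiers are placeholders for the example, not real advisories.
ADVISORIES = [
    ("pyyaml",   "0.0",    "5.4",    "DEMO-ADV-0001", "critical"),
    ("urllib3",  "1.26.0", "1.26.5", "DEMO-ADV-0002", "high"),
    ("requests", "2.26.0", "2.27.0", "DEMO-ADV-0003", "medium"),  # must not match 2.25.0
]

# Constructed license metadata keyed by package name (real tools read this
# from package metadata or a compliance library).
LICENSES = {
    "requests": "Apache-2.0",
    "urllib3": "MIT",
    "pyyaml": "MIT",
    "some-gpl-lib": "GPL-3.0-only",
}

# Hypothetical policy for a proprietary product: no copyleft, no unknown licenses.
DENIED_LICENSE_PREFIXES = ("GPL-", "AGPL-", "LGPL-")


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Finding:
    component: Component
    kind: str      # "vulnerability" or "license"
    detail: str


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.26.3' into (1, 26, 3) so versions compare numerically.
    Only dotted-integer versions are handled; PEP 440 pre-release suffixes
    would need the `packaging` library."""
    return tuple(int(part) for part in v.split("."))


def inventory(requirements_text: str) -> Tuple[List[Component], List[str]]:
    """Step 1: build the component inventory from a requirements.txt body.
    Only exact pins (name==version) are accepted; any other specifier is
    returned as an unresolved line rather than silently guessed."""
    components, unresolved = [], []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "==" not in line:
            unresolved.append(line)
            continue
        name, version = (part.strip() for part in line.split("==", 1))
        components.append(Component(name.lower(), version))
    return components, unresolved


def analyse(components: List[Component]) -> List[Finding]:
    """Step 2: match each inventoried component against the advisory ranges
    (first affected <= version < first fixed) and the license policy."""
    findings = []
    for comp in components:
        version = parse_version(comp.version)
        for pkg, first_bad, first_fixed, adv_id, severity in ADVISORIES:
            if pkg == comp.name and parse_version(first_bad) <= version < parse_version(first_fixed):
                findings.append(Finding(comp, "vulnerability",
                                        f"{adv_id} ({severity}); fixed in {first_fixed}"))
        license_id = LICENSES.get(comp.name, "UNKNOWN")
        if license_id == "UNKNOWN" or license_id.startswith(DENIED_LICENSE_PREFIXES):
            findings.append(Finding(comp, "license", f"{license_id} not permitted by policy"))
    return findings


def run(requirements_text: str = SAMPLE_REQUIREMENTS):
    """Inventory the manifest, then analyse it; returns (components, unresolved, findings)."""
    components, unresolved = inventory(requirements_text)
    return components, unresolved, analyse(components)


if __name__ == "__main__":
    comps, unresolved, findings = run()
    print(f"{len(comps)} components inventoried, {len(unresolved)} unpinned lines: {unresolved}")
    for f in findings:
        print(f"{f.kind:13} {f.component.name}=={f.component.version}: {f.detail}")
```

On the constructed manifest this reports urllib3 and pyyaml as vulnerable (requests 2.25.0 falls below the affected range and is correctly left alone), flags some-gpl-lib on license grounds, and surfaces the unpinned flask line as unresolved. The half-open version range is the detail worth copying: an advisory's "fixed in" version must itself be treated as clean, and an inventory that guesses a version for an unpinned dependency will produce both false negatives and false positives.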

Software Composition Analysis Products


Veracode
27 ratings
54 reviews
Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Black Duck
4 ratings
3 reviews
Black Duck is a software composition analysis tool acquired by Synopsys in 2017 and supported by Synopsys since then.
CAST Highlight
0 ratings
1 review
CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software composition analysis, application security, application benchmarking, and technical due diligence.
Checkmarx
8 ratings
1 review
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, C…
Micro Focus Fortify on Demand
5 ratings
1 review
Micro Focus Fortify on Demand (formerly HP Fortify on Demand) is an application security and testing platform acquired by Micro Focus from Hewlett-Packard Enterprise. The security as a service supplies dynamic (DAST) and static (SAST) application testing, as well as source code analysis powered by S…
FOSSA
0 ratings
1 review
FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance.
FlexNet Code Insight
FlexNet Code Insight is a software composition analysis tool allowing users to gain visibility and control of all open-source software. Detection of open-source material is based on comparison of source codebase with the contents of a compliance library.
Sonatype Nexus Platform
The Sonatype Nexus Platform is a software composition analysis tool that scans the components stored in a repository and then checks them for security vulnerabilities and licensing issues to ensure compliance.
Contrast OSS
Contrast OSS delivers automated open source risk management by embedding security and compliance checks in applications throughout the development process while performing continuous monitoring in production. The vendor states Contrast OSS can identify vulnerable components, determine if they are ac…
Debricked
Debricked is a Swedish tech startup with roots in Lund University. Born out of a research project on software security, its SaaS service was created with the objective of providing user-friendly, automated open-source security that people actually enjoy using. The product also covers license comp…
Revenera FlexNet Code Aware
FlexNet Code Aware is a free code scanner that scans Java, NuGet and NPM packages looking for license compliance, IP, and security vulnerability risks. An automated, high-level package analysis, Code Aware helps development teams deliver secure products to customers while protecting IP and avoiding …
WhiteSource Bolt
WhiteSource Bolt for GitHub/Azure DevOps is a free app/extension that scans projects and detects vulnerable open-source components. It also provides actionable, validated remediation paths to enable quick resolution. WhiteSource Bolt includes support for over 200 programming lang…
WhiteSource Renovate
WhiteSource Renovate is a free dependency update solution for software developers that automatically resolves outdated dependencies, saving developers' time, reducing risk, and mitigating the impact of security vulnerabilities.
Kiuwan Insights
Kiuwan, an Idera company, offers Insights, a software composition analysis application designed to reduce risk from third-party components. It remediates vulnerabilities, ensures license compliance, and automates policies throughout the SDLC.
JFrog Xray
JFrog Xray provides multilayer analysis of containers and software artifacts for vulnerabilities, license compliance and quality assurance, and continuously governs and audits all artifacts consumed and produced in the CI/CD pipeline.
WhiteHat Sentinel
Sentinel, from WhiteHat Security headquartered in Santa Clara, California, is an application security and testing platform. Individual components provide software composition analysis, static code analysis, license checking and vulnerability scanning, and support for mobile application security test…
Snyk
Snyk is a software composition analysis tool designed to find vulnerable open-source dependencies in projects stored in repositories like GitHub, and to provide container security and vulnerability protection.
WhiteSource
WhiteSource is a solution for agile open source security and license compliance management. WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulne…
