Best Software Composition Analysis Software

9.2
Threatwatch

Threatwatch is a next-gen vulnerability management platform that allows DevOps teams to assess code repositories, containers and infrastructure without scanner appliances or bulky agents.

Best in class, great team, great product!!! - Om S.

Ease of use
Support
Ease of Setup

Languages supported: English

8.8
GitLab

An open source web interface and source control platform based on Git.

GitLab: More than version controlling - Jimesh S.

Ease of use
8.6
Support
8.9
Ease of Setup
9.1

Languages supported: English

7.6
Nexus Lifecycle

Precise open source intelligence for your entire DevOps pipeline.

Good for Small to Medium Companies - Administrator in Consumer Services

Ease of use
Support
Ease of Setup
0.0
CAST Highlight

Portfolio intelligence to simplify complexity, find IT risks and control costs.

Using CAST Highlight with Tidal Migrations was a breeze - David C.

Ease of use
Support
Ease of Setup

Languages supported: English

9.0
Snyk

Snyk is a security solution designed to find and fix vulnerabilities in Node.js and Ruby apps.

Simplest way to improve application security is using Snyk - Jean-Alexandre B.

Ease of use
8.6
Support
9.2
Ease of Setup
8.6
9.2
GitHub

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over two million people use GitHub to build amazing things together.

A great place to manage your projects. - Carlos F.

Ease of use
8.7
Support
9.4
Ease of Setup
7.8

Platforms: Mac, Win, Linux

Price: $$$$$

Business Size: 0

7.6
Black Duck Software Composition Analysis

Black Duck by Synopsys provides a comprehensive software composition analysis (SCA) solution for managing security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers. Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Very basic UI - Administrator in Computer Software

Ease of use
7.6
Support
7.3
Ease of Setup
7.9

Languages supported: German, English, Finnish, French, Irish, Hindi, Japanese, Korean, Dutch, Norwegian, Swedish, Chinese (Simplified)

9.0
JFrog Xray

Continuously govern and audit all artifacts consumed and produced in your CI/CD pipeline.

Ease of use
Support
Ease of Setup

Languages supported: English

8.0
FlexNet Code Insight

FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk, while you build your products and during their lifecycle.

Palamida evaluation - Administrator in Information Technology and Services

Ease of use
Support
Ease of Setup

Languages supported: English

0.0
Vigiles

Timesys Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete vulnerability lifecycle management tool: discovery, prioritization, triaging, remediation, compliance and on-going monitoring/alerts. Vigiles readily integrates with build systems ...

Ease of use
Support
Ease of Setup
0.0
MergeBase

Trusted by security and development teams at top enterprises, MergeBase provides security and development teams with visibility to the real risk in their applications from vulnerable open source components at every stage of the software development lifecycle with CodeGreen, BuildGreen, and RunGreen. MergeBase accelerates triage by minimizing false positives and deemphasizing vulnerabilities in unused code. It automates remediation during ...

Ease of use
Support
Ease of Setup

Languages supported: English

0.0
BluBracket Code Security Suite

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night. BluBracket gives companies visibility into where source code introduces security risk while also enabling them to fully secure their code—without altering developer workflows or productivity.

Ease of use
Support
Ease of Setup
0.0
Hoss

Hoss helps teams make better API-driven products. Our simple drop-in solution makes it easy to track and manage third-party APIs. Get visibility into API performance, be alerted of errors before your customers notice, reduce the amount of time spent debugging integrations, and much more.

Ease of use
Support
Ease of Setup