Difference between revisions of "Software Composition Analysis (SCA)"
Line 24: | Line 24: | ||
* [[Sonatype]] | * [[Sonatype]] | ||
* [[Synopsys]]: [[Black Duck]] and [[Black Duck Binary Analysis]] | * [[Synopsys]]: [[Black Duck]] and [[Black Duck Binary Analysis]] | ||
− | * [[Veracode]]: [[Veracode SCA]] and [[SourceClear]] SCA | + | * [[Veracode]]: [[Veracode SCA]] (<code>[[srcclr]]</code>) and [[SourceClear]] SCA |
* [[WhiteHat Security]]: WhiteHat Sentinel SCA | * [[WhiteHat Security]]: WhiteHat Sentinel SCA | ||
* [[WhiteSource]] (2011): automatic [[remediation]] | * [[WhiteSource]] (2011): automatic [[remediation]] |
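Review bot: on the changed Veracode line, the new <code>[[srcclr]]</code> link sits in parentheses after Veracode SCA with no word saying what it is, while SourceClear SCA follows as a separate item on the same line. A reader cannot tell whether srcclr is a command, a package, or an alias, or which of the two products it belongs to. Suggest a short gloss inside the parentheses and, if it applies to both products, moving it to the end of the line.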
Revision as of 13:10, 28 January 2022
wikipedia:Software Composition Analysis
Options
- License risk management
- Policy management
- Vulnerability identification
- Vulnerability management
- SDLC integration
- Container scanning
- Serverless scanning
Reports
Products
- Flexera: FlexNet Code Insight
- FOSSA: Compliance*
- Fortify Static Code Analyzer (SCA)
- GitLab Ultimate: GitLab Security Dashboards
- JFrog Xray
- Snyk (2015, UK)
- Sonatype
- Synopsys: Black Duck and Black Duck Binary Analysis
- Veracode: Veracode SCA (`srcclr`) and SourceClear SCA
- WhiteHat Security: WhiteHat Sentinel SCA
- WhiteSource (2011): automatic remediation
- SonarQube (2006-2007)
Related terms
See also
- CA Technologies
- Binary repository manager
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx