Difference between revisions of "Software Composition Analysis (SCA)"
[1] https://github.blog/2020-09-30-code-scanning-is-now-available/
(31 intermediate revisions by the same user not shown)

Line 1:
-
+ [[wikipedia:Software Composition Analysis]]
+
+ == Options ==
+ * [[License risk management]]
+ * [[Policy management]]
+ * [[Vulnerability identification]]
+ * [[Vulnerability management]]
+ * [[SDLC]] integration
+ * [[Container scanning]]
+ * [[Serverless scanning]]
+
+ Reports
+ * [[Audit report]]
+ * [[Risk report]]
+
+ == Products ==
  * [[Flexera]]: [[FlexNet Code Insight]]
- * [[FOSSA]]: [[Compliance]]
+ * [[FOSSA]]: [[Compliance]]*
- * [[GitLab]]
+ * [[Fortify Static Code Analyzer]] (SCA)
+ * [[GitLab Ultimate]]: [[GitLab Security Dashboards]]
+ * [[GitHub code scanning]] (Sep 2020) <ref>https://github.blog/2020-09-30-code-scanning-is-now-available/</ref>
  * [[JFrog Xray]]
- * [[Snyk]]
+ * [[Snyk]] (2015, UK)
  * [[Sonatype]]
  * [[Synopsys]]: [[Black Duck]] and [[Black Duck Binary Analysis]]
- * [[Veracode]]: [[Veracode]]
+ * [[Veracode]]: [[Veracode SCA]] (<code>[[srcclr]]</code>) and [[SourceClear]] SCA
- * [[WhiteHat Security]]
+ * [[WhiteHat Security]]: WhiteHat Sentinel SCA
- * [[WhiteSource]] (
+ * [[WhiteSource]] (2011): automatic [[remediation]]
-
+ * [[SonarQube]] (2006-2007)
+ == Related terms ==
+ * [[Application Security Testing (AST)]]: [[SAST]], [[DAST]]
+ * <code>[[npm audit]]</code>
+ * <code>[[docker scan]]</code>
+ * [[Amazon Inspector]]
+ * [[Static program analysis]]: <code>[[eslint]]</code>
  == See also ==
  * [[CA Technologies]]
-
  * [[Binary repository manager]]
  * {{SCA}}
- * {{
+ * {{AST}}
  [[Category:Security]]
+ [[Category:SCA]]
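Review bot: three of the entries added under `== Products ==` are static-analysis (SAST) tools rather than composition analysis, so the list now conflates the two categories: the "SCA" in `* [[Fortify Static Code Analyzer]] (SCA)` is Fortify's own abbreviation for Static Code Analyzer, `[[GitHub code scanning]]` is CodeQL-based scanning of source code, and `[[SonarQube]]` is a code-quality/static-analysis platform. Either annotate those three as SAST or move them next to `[[SAST]]` under `== Related terms ==`. Two smaller points: `Reports` is a bare line where the neighbouring sections use `== ... ==` headings, and the trailing `*` added to `* [[FOSSA]]: [[Compliance]]*` has no footnote explaining what it marks.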
Latest revision as of 19:21, 16 May 2022
wikipedia:Software Composition Analysis
Options
- License risk management
- Policy management
- Vulnerability identification
- Vulnerability management
- SDLC integration
- Container scanning
- Serverless scanning
Reports
- Audit report
- Risk report
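The options above name what an SCA tool does without showing the mechanics. The following is an added example written for this page, not the code of any product listed on it: a minimal SCA pass in Python over the "packages" map of an npm package-lock.json that performs vulnerability identification (matching every locked version, nested transitive copies included, against advisory version ranges), license risk management (an allowlist check) and policy management (a severity gate usable as an SDLC/CI step). All package names, versions, advisory IDs, licenses and summaries are constructed for the example; the advisory record shape, the `EXAMPLE-…` IDs and the helper names are assumptions, not any vendor's schema or API.

```python
"""Minimal Software Composition Analysis (SCA) pass over an npm lockfile.

Added example for this page; not the code of any product listed here.
Shows the core SCA checks in one place:
  * vulnerability identification: locked versions (nested copies included)
    matched against advisory version ranges
  * license risk management: licenses outside an allowlist are flagged
  * policy management / SDLC gate: findings become a pass/fail decision
All names, versions, advisory IDs and licenses below are constructed.
"""
import json
import operator
import re
from dataclasses import dataclass

# Constructed input: "packages" map of an npm package-lock.json (lockfileVersion 2/3 layout).
# The top-level example-utils is fixed, but the nested copy under example-parser is not;
# a flat top-level view of dependencies would miss that copy.
LOCKFILE_JSON = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0", "license": "MIT"},
        "node_modules/example-parser": {"version": "2.3.1", "license": "MIT"},
        "node_modules/example-logger": {"version": "0.9.4", "license": "AGPL-3.0"},
        "node_modules/example-utils": {"version": "4.17.21", "license": "MIT"},
        "node_modules/example-parser/node_modules/example-utils": {"version": "4.17.19", "license": "MIT"},
    },
})

# Constructed advisory records (shape loosely modelled on OSV-style entries; not real advisories).
ADVISORIES = [
    {"id": "EXAMPLE-2021-0001", "package": "example-utils", "severity": "high",
     "affected": ">=4.0.0 <4.17.21", "summary": "prototype pollution (constructed)"},
    {"id": "EXAMPLE-2022-0002", "package": "example-parser", "severity": "moderate",
     "affected": ">=2.0.0 <2.3.0", "summary": "regex denial of service (constructed)"},
]
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    kind: str        # "vulnerability" or "license"
    package: str
    version: str
    detail: str
    severity: str


def parse_version(v):
    """'4.17.21' -> (4, 17, 21). Pre-release/build suffixes are dropped: 'x.y.z-rc1' compares as x.y.z."""
    parts = v.split("-", 1)[0].split("+", 1)[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a semver core version: {v!r}")
    return tuple(int(p) for p in parts)


_CONSTRAINT = re.compile(r"^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$")
_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt, "=": operator.eq}


def version_in_range(version, range_expr):
    """True if version satisfies every space-separated constraint, e.g. '>=4.0.0 <4.17.21'."""
    v = parse_version(version)
    for token in range_expr.split():
        m = _CONSTRAINT.match(token)
        if not m:
            raise ValueError(f"unsupported constraint: {token!r}")
        if not _OPS[m.group(1) or "="](v, parse_version(m.group(2))):
            return False
    return True


def locked_packages(lockfile_json):
    """Yield (name, version, license) for every installed package, nested copies included."""
    for path, meta in json.loads(lockfile_json).get("packages", {}).items():
        if path == "":
            continue  # the root project itself
        # rsplit keeps "@scope/name" intact and takes the leaf of nested node_modules paths
        name = path.rsplit("node_modules/", 1)[1]
        yield name, meta["version"], meta.get("license", "UNKNOWN")


def scan(lockfile_json, advisories=ADVISORIES, allowed_licenses=ALLOWED_LICENSES):
    """Vulnerability identification plus license check; one Finding per issue."""
    findings = []
    for name, version, lic in locked_packages(lockfile_json):
        for adv in advisories:
            if adv["package"] == name and version_in_range(version, adv["affected"]):
                findings.append(Finding("vulnerability", name, version,
                                        f"{adv['id']}: {adv['summary']}", adv["severity"]))
        if lic not in allowed_licenses:
            findings.append(Finding("license", name, version, f"license {lic} not in allowlist", "high"))
    return findings


def policy_passes(findings, max_severity="moderate"):
    """SDLC gate: fail if any finding exceeds max_severity. Unknown severities fail closed."""
    limit = SEVERITY_RANK[max_severity]
    return all(SEVERITY_RANK.get(f.severity, 99) <= limit for f in findings)


if __name__ == "__main__":
    results = scan(LOCKFILE_JSON)
    for f in results:  # the audit report
        print(f"[{f.severity}] {f.kind}: {f.package}@{f.version} - {f.detail}")
    raise SystemExit(0 if policy_passes(results, "moderate") else 1)
```

Run stand-alone, the script reports two findings (the AGPL-licensed example-logger and the unpatched nested copy of example-utils at 4.17.19) and exits non-zero, which is the behaviour a CI step wants; the fixed top-level example-utils 4.17.21 and example-parser 2.3.1 fall outside their advisory ranges and are not reported. Real tools add ecosystem-specific range syntax (caret/tilde ranges, pre-release ordering), advisory feeds such as OSV or vendor databases, and reachability analysis; the matching core is the same.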
Products
- Flexera: FlexNet Code Insight
- FOSSA: Compliance*
- Fortify Static Code Analyzer (SCA): a SAST product; here "SCA" is Fortify's abbreviation for Static Code Analyzer, not Software Composition Analysis
- GitLab Ultimate: GitLab Security Dashboards
- GitHub code scanning (Sep 2020) [1]: source-level static analysis (SAST, CodeQL-based) rather than dependency analysis; GitHub's dependency vulnerability alerts are a separate feature (Dependabot alerts)
- JFrog Xray
- Snyk (2015, UK)
- Sonatype
- Synopsys: Black Duck and Black Duck Binary Analysis
- Veracode: Veracode SCA (srcclr) and SourceClear SCA
- WhiteHat Security: WhiteHat Sentinel SCA
- WhiteSource (2011; renamed Mend in 2022): automatic remediation
- SonarQube (2006-2007): a static analysis and code quality platform (the SAST side of AST), not a dependency scanner
Related terms
- Application Security Testing (AST): SAST, DAST
- npm audit
- docker scan
- Amazon Inspector
- Static program analysis: eslint
See also
- CA Technologies
- Binary repository manager
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx