Difference between revisions of "Software Composition Analysis (SCA)"

wikipedia:Software Composition Analysis

Options

• License risk management
• Policy management
• Vulnerability identification
• Vulnerability management
• SDLC integration
• Container scanning
• Serverless scanning

Reports

• Audit report
• Risk report

Products

• Flexera: FlexNet Code Insight
• FOSSA: Compliance*
• Fortify Static Code Analyzer (SCA)
• GitLab Ultimate: GitLab Security Dashboards
• JFrog Xray
• Snyk (2015, UK)
• Sonatype
• Synopsys: Black Duck and Black Duck Binary Analysis
• Veracode: Veracode SCA and SourceClear SCA
• WhiteHat Security: WhiteHat Sentinel SCA
• WhiteSource (2011): automatic remediation
• SonarQube (2006-2007)

Related terms

• Application Security Testing (AST)
• npm audit
• Amazon Inspector

See also

• CA Technologies
• Binary repository manager
• Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
• Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution