Difference between revisions of "Software Composition Analysis (SCA)"
Jump to navigation
Jump to search
Line 1: | Line 1: | ||
− | |||
[[wikipedia:Software Composition Analysis]] | [[wikipedia:Software Composition Analysis]] | ||
Revision as of 14:00, 6 December 2021
wikipedia:Software Composition Analysis
Contents
Options
- License risk management
- Policy management
- Vulnerability identification
- Vulnerability management
- SDLC integration
- Container scanning
- Serverless scanning
Reports
Products
- Flexera: FlexNet Code Insight
- FOSSA: Compliance*
- Fortify Static Code Analyzer (SCA)
- GitLab Ultimate: GitLab Security Dashboards
- JFrog Xray
- Snyk (2015, UK)
- Sonatype
- Synopsys: Black Duck and Black Duck Binary Analysis
- Veracode: Veracode SCA and SourceClear SCA
- WhiteHat Security: WhiteHat Sentinel SCA
- WhiteSource (2011): automatic remediation
- SonarQube (2006-2007)
Related terms
See also
- CA Technologies
- Binary repository manager
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
- Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution
Advertising: