Software Composition Analysis (SCA)
wikipedia:Software Composition Analysis
Options
- License risk management
- Policy management
- Vulnerability identification
- Vulnerability management
- SDLC integration
- Container scanning
- Serverless scanning
Reports
Products
- Flexera: FlexNet Code Insight
- FOSSA: Compliance*
- Fortify Static Code Analyzer (SCA)
- GitLab Ultimate: GitLab Security Dashboards
- GitHub code scanning (Sep 2020) [1]
- JFrog Xray
- Snyk (2015, UK)
- Sonatype
- Synopsys: Black Duck and Black Duck Binary Analysis
- Veracode: Veracode SCA (srcclr) and SourceClear SCA
- WhiteHat Security: WhiteHat Sentinel SCA
- WhiteSource (2011): automatic remediation
- SonarQube (2006-2007)
Related terms
- Application Security Testing (AST): SAST, DAST
- npm audit
- docker scan
- Amazon Inspector
- Static program analysis: eslint
See also
- CA Technologies
- Binary repository manager
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx