Software Composition Analysis Tools
Software Composition Analysis tools and solutions.
18 products available
BoostSecurity Software Supply
Software Composition Analysis
BoostSecurity Software Supply Chain Protection on SecurityListing: Software supply chain security platform for SDLC infrastructure protection
DeepSource SCA
Software Composition Analysis
DeepSource SCA on SecurityListing: SCA platform with reachability analysis, AI-powered fixes, and license compliance
Flyingduck Secure Every
Software Composition Analysis
Flyingduck Secure Every Commit on SecurityListing: Commit-level code security scanning for vulnerabilities, secrets, and licenses
Finite State Platform
Software Composition Analysis
Finite State Platform on SecurityListing: Platform for vulnerability detection in firmware, binaries, and SBOMs
Raven Runtime Prevention
Software Composition Analysis
Raven Runtime Prevention on SecurityListing: Runtime protection preventing supply-chain attacks & exploits via library-level policies
Phylum
Software Composition Analysis
Phylum on SecurityListing: Identifies 137 malicious npm packages and gathers system information to a remote server.
FossID Software Composition
Software Composition Analysis
FossID Software Composition Analysis on SecurityListing: SCA tool for code scanning, license identification, and SBOM generation
Endor Labs Application
Software Composition Analysis
Endor Labs Application Security on SecurityListing: AI-powered AppSec platform for code, dependencies, and container security
pac-resolver
Software Composition Analysis
pac-resolver on SecurityListing: pac-resolver, a popular npm package with 3 million weekly downloads, has a severe remote code execution flaw.
Flyingduck Code Security
Software Composition Analysis
Flyingduck Code Security Intelligence on SecurityListing: SAST tool that detects logical flaws and business logic vulnerabilities
Flyingduck Comprehensive SBOM
Software Composition Analysis
Flyingduck Comprehensive SBOM Management on SecurityListing: SBOM management platform for tracking dependencies and vulnerabilities
Wiz Unified Security
Software Composition Analysis
Wiz Unified Security on SecurityListing: Unified security platform for code, CI/CD, and cloud environments
SonarSource Advanced Security
Software Composition Analysis
SonarSource Advanced Security on SecurityListing: SAST and SCA platform for code security analysis with taint analysis
Kodem Zero-waste Application
Software Composition Analysis
Kodem Zero-waste Application Security on SecurityListing: AI-native AppSec platform for code-to-runtime security with automated triaging
The Code Registry
Software Composition Analysis
The Code Registry Application & Supply Chain Security on SecurityListing: AI-driven app & supply chain security platform with SBOM generation & scanning
Snyk Developer Security
Cloud Security
Snyk is a developer security platform that enables teams to find and automatically fix vulnerabilities in open source dependencies, container images, infrastructure as code, and application code. Unlike traditional security tools that operate as gate-checks, Snyk integrates directly into developer workflows through IDE plugins, CI/CD integrations, and SCM systems, enabling security testing at every stage of development.
Raven Runtime SCA
Software Composition Analysis
Raven Runtime SCA on SecurityListing: Runtime SCA tool that identifies exploitable vulnerabilities in cloud environments
MergeBase Software Composition
Software Composition Analysis
MergeBase Software Composition Analysis on SecurityListing: SCA platform for managing open source vulnerabilities across SDLC
Sabotage: Code added
Software Composition Analysis
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus on SecurityListing: A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.