Software Composition Analysis
Browse 30 cybersecurity tools tagged with "Software Composition Analysis"

DerSecur Software Composition
Risk Assessment
DerSecur Software Composition Analysis (SCA) on SecurityListing: SCA tool for SBOM generation, dependency analysis, and open-source risk management.

Flyingduck Software Composition
API Security
Flyingduck Software Composition Analysis on SecurityListing: SCA tool for identifying & resolving vulnerabilities in dependencies

Anchore Enterprise
Container Security
Anchore Enterprise on SecurityListing: Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.

Invicti Software Composition
Vulnerability Assessment
Invicti Software Composition Analysis on SecurityListing: SCA tool with proof-based validation and runtime analysis for open-source risks

Ossprey
Threat Intelligence Platforms
Ossprey on SecurityListing: Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.

BoostSecurity Software Supply
Software Composition Analysis
BoostSecurity Software Supply Chain Protection on SecurityListing: Software supply chain security platform for SDLC infrastructure protection

Phylum
Software Composition Analysis
Phylum on SecurityListing: Identifies 137 malicious npm packages and gathers system information to a remote server.

FossID Software Composition
Software Composition Analysis
FossID Software Composition Analysis on SecurityListing: SCA tool for code scanning, license identification, and SBOM generation

Raven Runtime Prevention
Software Composition Analysis
Raven Runtime Prevention on SecurityListing: Runtime protection preventing supply-chain attacks & exploits via library-level policies

Finite State Platform
Software Composition Analysis
Finite State Platform on SecurityListing: Platform for vulnerability detection in firmware, binaries, and SBOMs

DeepSource SCA
Software Composition Analysis
DeepSource SCA on SecurityListing: SCA platform with reachability analysis, AI-powered fixes, and license compliance

Heeler Runtime, Fixability-First
Threat Intelligence Platforms
Heeler Runtime, Fixability-First SCA on SecurityListing: Runtime SCA tool prioritizing fixable & exploitable open-source vulnerabilities

MatosSphere Software Composition
Container Security
MatosSphere Software Composition Analysis on SecurityListing: SCA tool for detecting vulnerabilities & license risks in open-source dependencies

Jsmon 2.0
API Security
Jsmon 2.0 on SecurityListing: JavaScript security scanner for detecting vulnerabilities in third-party scripts

Endor Labs Application
Software Composition Analysis
Endor Labs Application Security on SecurityListing: AI-powered AppSec platform for code, dependencies, and container security

Koi Platform
Risk Assessment
Koi Platform on SecurityListing: Tracks, governs, and secures software installs across endpoints and marketplaces.

pac-resolver
Software Composition Analysis
pac-resolver on SecurityListing: Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.

Raven Runtime SCA
Software Composition Analysis
Raven Runtime SCA on SecurityListing: Runtime SCA tool that identifies exploitable vulnerabilities in cloud environments

Anchore Secure
Container Security
Anchore Secure on SecurityListing: Container & source code scanning for vulnerabilities, malware, and secrets

MergeBase Software Composition
Software Composition Analysis
MergeBase Software Composition Analysis on SecurityListing: SCA platform for managing open source vulnerabilities across SDLC

Wiz Supply Chain
Container Security
Wiz Supply Chain Security on SecurityListing: Cloud-native SCA and SBOM platform for supply chain security across code to runtime

Snyk Developer Security
Cloud Security
Snyk is a developer security platform that enables teams to find and automatically fix vulnerabilities in open source dependencies, container images, infrastructure as code, and application code. Unlike traditional security tools that operate as gate-checks, Snyk integrates directly into developer workflows through IDE plugins, CI/CD integrations, and SCM systems, enabling security testing at every stage of development.

SCANOSS Licence Dataset
API Security
SCANOSS Licence Dataset on SecurityListing: Open source license compliance dataset for detecting code snippets & obligations

Sabotage: Code added
Software Composition Analysis
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus on SecurityListing: A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.

SCANOSS Security Dataset
API Security
SCANOSS Security Dataset on SecurityListing: Vulnerability detection dataset for declared & undeclared dependencies in code

SCANOSS Encryption Dataset
Risk Assessment
SCANOSS Encryption Dataset on SecurityListing: Identifies cryptographic algorithms and libraries in code for compliance

SCANOSS Geo Provenance
Risk Assessment
SCANOSS Geo Provenance Dataset on SecurityListing: Identifies geographic origin and authorship of open source code components

Raven Runtime Application
Container Security
Raven Runtime Application Protection on SecurityListing: Runtime app protection with function-level reachability and exploit prevention

Flyingduck Comprehensive SBOM
Software Composition Analysis
Flyingduck Comprehensive SBOM Management on SecurityListing: SBOM management platform for tracking dependencies and vulnerabilities

The Code Registry
Software Composition Analysis
The Code Registry Application & Supply Chain Security on SecurityListing: AI-driven app & supply chain security platform with SBOM generation & scanning