Software Composition Analysis
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
Explore 48 curated cybersecurity tools, with 17,495+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
A set of tools for securing JavaScript projects against software supply chain attacks.
A set of tools for securing JavaScript projects against software supply chain attacks.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
A CLI tool for signing and verifying npm and yarn packages.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
Identifies 137 malicious npm packages and gathers system information to a remote server.
Identifies 137 malicious npm packages and gathers system information to a remote server.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A community effort to compile security advisories for Ruby libraries with a detailed directory structure.
A community effort to compile security advisories for Ruby libraries with a detailed directory structure.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A centralized platform for managing open source components and automating software supply chain security.
A centralized platform for managing open source components and automating software supply chain security.
Automate software supply chain security by blocking malicious open source components
Automate software supply chain security by blocking malicious open source components
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
Helm plugin for cryptographically signing and verifying charts with GnuPG integration.
Helm plugin for cryptographically signing and verifying charts with GnuPG integration.
Lint lockfiles for improved security and trust policies.
Lint lockfiles for improved security and trust policies.
A tool to prevent prototype poisoning in JSON parsing.
A tool to prevent prototype poisoning in JSON parsing.
Package verification tool for npm with various verification and testing capabilities.
Package verification tool for npm with various verification and testing capabilities.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.
Software Composition Analysis Tools - FAQ
Common questions about Software Composition Analysis tools including selection guides, pricing, and comparisons.
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
