Software Composition Analysis
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
Explore 99 curated cybersecurity tools, with 15,426 visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to build security programs
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
Identifies cryptographic algorithms and libraries in code for compliance
Identifies cryptographic algorithms and libraries in code for compliance
OpenSCA Project is a dependency security scanner that runs in the browser.
OpenSCA Project is a dependency security scanner that runs in the browser.
SCA tool for vulnerability detection, malicious code identification & remediation
SCA tool for vulnerability detection, malicious code identification & remediation
Malware detection across SDLC, DevOps pipelines, and open-source components
Malware detection across SDLC, DevOps pipelines, and open-source components
Secures build processes with attestation, artifact verification, and SLSA support
Secures build processes with attestation, artifact verification, and SLSA support
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
JavaScript security scanner for detecting vulnerabilities in third-party scripts
JavaScript security scanner for detecting vulnerabilities in third-party scripts
Platform for vulnerability detection in firmware, binaries, and SBOMs
Platform for vulnerability detection in firmware, binaries, and SBOMs
AI-native AppSec platform with SAST, SCA, container & dependency mgmt.
AI-native AppSec platform with SAST, SCA, container & dependency mgmt.
Universal artifact repository & software supply chain security platform
Universal artifact repository & software supply chain security platform
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
Black Duck is an application security platform that provides software composition analysis and supply chain security capabilities to identify vulnerabilities, ensure license compliance, and manage SBOMs throughout the software development lifecycle.
Black Duck is an application security platform that provides software composition analysis and supply chain security capabilities to identify vulnerabilities, ensure license compliance, and manage SBOMs throughout the software development lifecycle.
Runtime app protection with function-level reachability and exploit prevention
Runtime app protection with function-level reachability and exploit prevention
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
JavaScript library scanner and SBOM generator
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A tool to run YARA rules against node_module folders to identify suspicious scripts
A tool to run YARA rules against node_module folders to identify suspicious scripts
Comprehensive suite for advanced file analysis and software supply chain security.
Comprehensive suite for advanced file analysis and software supply chain security.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.
A cryptographic framework that secures software update systems by enabling publishers to sign content offline and consumers to verify authenticity through trusted verification mechanisms.
A cryptographic framework that secures software update systems by enabling publishers to sign content offline and consumers to verify authenticity through trusted verification mechanisms.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
Software Composition Analysis Tools - FAQ
Common questions about Software Composition Analysis tools including selection guides, pricing, and comparisons.
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
