Software Composition Analysis
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
Browse 163 software composition analysis tools
FEATURED
RELATED TASKS
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
Identifies 137 malicious npm packages and gathers system information to a remote server.
Identifies 137 malicious npm packages and gathers system information to a remote server.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A community effort to compile security advisories for Ruby libraries with a detailed directory structure.
A community effort to compile security advisories for Ruby libraries with a detailed directory structure.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A centralized platform for managing open source components and automating software supply chain security.
A centralized platform for managing open source components and automating software supply chain security.
Automate software supply chain security by blocking malicious open source components
Automate software supply chain security by blocking malicious open source components
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
Helm plugin for cryptographically signing and verifying charts with GnuPG integration.
Helm plugin for cryptographically signing and verifying charts with GnuPG integration.
Lint lockfiles for improved security and trust policies.
Lint lockfiles for improved security and trust policies.
A tool to prevent prototype poisoning in JSON parsing.
A tool to prevent prototype poisoning in JSON parsing.
Package verification tool for npm with various verification and testing capabilities.
Package verification tool for npm with various verification and testing capabilities.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.
Software Composition Analysis Tools - FAQ
Common questions about Software Composition Analysis tools including selection guides, pricing, and comparisons.
Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.
