LoongWalker/awesome-sca

A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.

Awesome Software Component Analysis(SCA)

A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools and tutorials. SCA is a technique to find third party vulnerable components used in your code.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Table of Contents

• Books
• Articles
• Courses
• Free Tools
• Commercial Tools
• Vulnerability Databases
• References
• Credits
• Contributing

Books

• Securing Open Source Libraries By Guy Podjarny

Articles

• Component Analysis from OWASP

Courses and Training

Courses/videos on SCA.

Free

• Software Composition Analysis Deep Dive by Ulisses Albuquerque

Paid

• DevSecOps Professional by Practical DevSecOps
• SANS 540 - Cloud Security and DevSecOps Automation

Free Tools

Javascript

Client Side Libraries - Retire.js

Backend Libraries - NPM Audit

Ruby

• bundler-audit

Java

• Dependancy-Check

Python

• Safety from Pyup

PHP

• Local PHP Security Checker

Golang

• Nancy

.Net

• dotnet CLI
• Dependancy-Check
• WhiteSource Bolt (Free offering that currently works within Azure DevOps or GitHub)

Commercial Tools

Most commercial SCA tools support multiple programming languages like Java, Python, Ruby, Go, PHP,.NET,Scala and license scans.

• Snyk
• SourceClear
• Sonatype
• BlackDuck
• Contrast Security
• WhiteSource
• Whitehat SCA
• Debricked

SCA Vulnerability Databases

• National Vulnerability Database
• Snyk Vulnerabilitydb
• VulnDB Data Mirror
• NIST Data Mirror
• Exploit Database

Credits

• This repo is based on the original work done by our friend @raghunath24

Sponsor

Contributing

Please refer the guidelines at contributing.md for details.