awesome-sca
A comprehensive list of Software Composition Analysis Tools.
Following repo contains a collection of SCA tools which can be used to analyze risks in third party components which were used as part of code. Feel free to add up any new tools.
**Note: ©️ stands for proprietary sofware, Rest belongs to Free and Open Source softwares. **
Table of Contents
- Programming Languages
- Multiple Languages
- Vulnerability Databases
- SCA Platform
- Books
- Vulnerable Apps
- References
Programming Languages
Javascript
Ruby
Multiple Languages
- BlackDuck ©️ Open source software security audit
- Bytesafe ©️ Discover and manage vulnerabilities in your dependencies
- Contrast Security ©️
- Debricked ©️
- Dependancy-Check - OWASP Dependancy-check supports Java, .Net. Additional experimental support has been added for Ruby,Node.js,Python and Limited C/C++ build systems.(autoconf and cmake)
- Flexera ©️
- nexB ©️
- RogueWave ©️
- Snyk ©️ continuously find and fix vulnerabilities in your depandancies. it supports JS,Java,Python,Ruby,Go,PHP,.NET,Scala etc.
- Sonatype ©️
- Veracode ©️ (formerly SourceClear) - Thirdparty component analysis for Java, Ruby, Javascript, PHP, Python, Scala, Kotlin, C/C++, Objective C, Swift, Go, and .NET
- WhiteSource ©️ - Secure your opensource components for C#,Java,C++,.NET,PHP,Python,Ruby,Docker,nodejs,Javascript etc.
- Whitehat SCA ©️
Vulnerability Databases
- Debricked Vulnerability Database
- Exploit Database
- National Vulnerability Database
- Snyk Vulnerabilitydb
- VulnDB Data Mirror
- NIST Data Mirror
SCA Platform
Books
- Securing Open Source Libraries By Guy Podjarny