Difference between revisions of "Software Composition Analysis (SCA)"

Latest revision as of 19:21, 16 May 2022

wikipedia:Software Composition Analysis

Options[edit]

Reports

Products[edit]

Flexera: FlexNet Code Insight
FOSSA: Compliance*
Fortify Static Code Analyzer (SCA)
GitLab Ultimate: GitLab Security Dashboards
GitHub code scanning (Sep 2020) ^[1]
JFrog Xray
Snyk (2015, UK)
Sonatype
Synopsys: Black Duck and Black Duck Binary Analysis
Veracode: Veracode SCA (srcclr) and SourceClear SCA
WhiteHat Security: WhiteHat Sentinel SCA
WhiteSource (2011): automatic remediation
SonarQube (2006-2007)

Related terms[edit]

Application Security Testing (AST): SAST, DAST
npm audit
docker scan
Amazon Inspector
Static program analysis: eslint

See also[edit]

CA Technologies
Binary repository manager
Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep
Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx

↑ https://github.blog/2020-09-30-code-scanning-is-now-available/

[1]

@@ Line 1: / Line 1: @@
-{{Draft}}
+[[wikipedia:Software Composition Analysis]]
+== Options ==
+* [[License risk management]]
+* [[Policy management]]
+* [[Vulnerability identification]]
+* [[Vulnerability management]]
+* [[SDLC]] integration
+* [[Container scanning]]
+* [[Serverless scanning]]
+Reports
+* [[Audit report]]
+* [[Risk report]]
+== Products ==
 * [[Flexera]]: [[FlexNet Code Insight]]
-* [[FOSSA]]
+* [[FOSSA]]: [[Compliance]]*
-* [[GitLab]]
+* [[Fortify Static Code Analyzer]] (SCA)
+* [[GitLab Ultimate]]: [[GitLab Security Dashboards]]
+* [[GitHub code scanning]] (Sep 2020) <ref>https://github.blog/2020-09-30-code-scanning-is-now-available/</ref>
 * [[JFrog Xray]]
-* [[Snyk]]
+* [[Snyk]] (2015, UK)
 * [[Sonatype]]
-* [[Synopsys]]
+* [[Synopsys]]: [[Black Duck]] and [[Black Duck Binary Analysis]]
-* [[Veracode]]
+* [[Veracode]]: [[Veracode SCA]] (<code>[[srcclr]]</code>) and [[SourceClear]] SCA
-* [[WhiteHat Security]]
+* [[WhiteHat Security]]: WhiteHat Sentinel SCA
-* [[WhiteSource]] (2016)
+* [[WhiteSource]] (2011): automatic [[remediation]]
+* [[SonarQube]] (2006-2007)
+== Related terms ==
+* [[Application Security Testing (AST)]]: [[SAST]], [[DAST]]
+* <code>[[npm audit]]</code>
+* <code>[[docker scan]]</code>
+* [[Amazon Inspector]]
+* [[Static program analysis]]: <code>[[eslint]]</code>
 == See also ==
 * [[CA Technologies]]
-* [[Forrester]], [[Gartner]]
 * [[Binary repository manager]]
 * {{SCA}}
-* {{security}}
+* {{AST}}
 [[Category:Security]]
+[[Category:SCA]]

Difference between revisions of "Software Composition Analysis (SCA)"

Latest revision as of 19:21, 16 May 2022

Contents

Options[edit]

Products[edit]

Related terms[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools