Gartner defines Software Composition Analysis (SCA) as a technology that analyzes applications and related artifacts (containers, registries, etc.) to detect open-source and third-party software components that have known security and functional vulnerabilities, that are out of date for security patches, or that pose licensing risks. SCA products and services help ensure that the enterprise software supply chain includes only secure components and, therefore, supports secure application development and assembly.
"Maximizing Security With Mend in Healthcare: An Inside View"
Our overall experience has been very positive. Given that our products are HIPAA compliant within the healthcare space, we are vigilant about ensuring that we are dealing with any security concerns with open source products. Mend does a great job of scanning our code and highlighting any vulnerabilities and recommended solutions.
"Veracode Detailed Review"
Excellent integration and implementation options. The customer support is prompt and provides in-depth analysis of the vulnerabilities.
"Black Duck CI/CD integration provides useful risk information"
Black Duck provides very useful information on third party licensing and security risks in our products.
"A Comprehensive Examination of a Maven-Based Solution Experience"
Excellent experience from start to end. We started on the free tier to trial the product on our application, moving from our previous open source Maven-based solution. Setup was simple, maintenance was almost non-existent, and the pre-compiled packages for certifications, etc. made the supplier onboarding process much more streamlined.
"Timesys Vigiles - a great tool for managing vulnerabilities in embedded Linux devices"
Timesys Vigiles has been a great tool to support with managing vulnerabilities across the SBOM of our products. As an organisation building embedded Linux devices, it has a range of features that match up with our needs far better than other products we evaluated. The reports that we obtain from Vigiles have been useful both for guiding our own vulnerability management and for communicating vulnerability information with our customers. We've been able to use the API features of Vigiles to automatically input SBOMs from our build system.
"Navigating Smoothly: Commits and Branch Management Features"
Throughout the usage of this product, I have used numerous features that I found to be very useful. Fixing merge conflicts right on the website is very convenient. Also, scouring through the commits and branches is very easy, and overall I find the UI/UX great.
"Come for the SBOMs, stay for the product vision"
The product team, support team, and executives are committed to our success. They are extremely helpful and easy to work with. The product itself solves an important need in a very effective way. We looked at many alternatives and selected this one because we think that we'll be better off in the long run. We'd also heard of many other companies that used them successfully. Their excellent reputation is well deserved.
"Arnica's Powerful Software Enhances Web App Security"
Knowledgeable people over at Arnica, they were able to break down AppSec into truly granular, yet understandable terms. Powerful software capable of leveling up the security of any web application. Extensive features as well as great customer service.
"Best in service and support"
Really happy with the customer provided by the support team
"Great cloud software for software composition analysis"
My experience so far with Revenera has been very good. Securely protecting our applications and managing different compliance has become very easy with the help of Revenera.
"Ease of use, clear and helpful reporting."
Overall, Checkmarx SCA (CxOSA) has worked great for us. There are some areas of opportunity in the UI, but the way it reports the findings is very clear, informing not only the severity and the risks but also the remediation. It's great that everything is in the same portal, the SAST and SCA solution; we don't need to open several consoles or portals, everything is in the same project, in the same portal.
"CAST Highlight a good portfolio management product"
A good tool for portfolio analysis; it makes it easy to detect problematic applications and helps to fix them. All with a good and simple user interface.
"Great Platform - Accurics"
I can confidently say, brilliant experience with Accurics. For our cloud-native infrastructure, cyber resilience becomes crucial. That's where Accurics comes into the picture. It self-heals the cloud infrastructure and mitigates the risk by maintaining a secured runtime.
"Solid penetration test, particularly useful during active development stage."
Automated scans available for a year - works well when developing software as it is simple to re-scan each time the code is updated. Information provided by tool is generally enough for a programmer to know how to mitigate the detected vulnerability. Consulting is available for cases where a programmer is not clear on how to mitigate a vulnerability.
"Reimagining the world of DevSecOps"
We are a new Cloud Defense customer, and our experience has been nothing but positive so far. Cloud Defense has been very helpful during the POV and they continue to be supportive since we bought the product. They are quick to answer and very knowledgeable. They supported us before and after the deployment, and helped in properly planning the required resources during our implementation.
"Innovative Open Source Analysis Company"
My company is primarily a Java ecosystem and Sonatype's Nexus Lifecycle product has met our needs to identify and remediate vulnerabilities in the open source software we use. The scans are quick. They integrate with all of the common Java tooling and they have APIs we can write our own logic around. Their support team has responded quickly to any issues. Their product team has been responsive to ideas, complaints, etc. Overall they are a dream vendor to work with.
"A Good Product With a Lot of Variety and Capabilities"
Once we started using this product we have been discovering a lot of issues, code optimizations, pattern mismatches, etc. It helps us in saving a lot of manpower by automatically scanning 1000+ lines of code and pinpointing where the issues are.
"Amazing product for Active Directory security"
Ossisto 365 scanner is providing a very useful report in terms of security and risk assessment; overall, it's saving time.
"CONTRAST OSS Implementation"
We have just started to implement CONTRAST OSS. Overall, this will give us insight when developing new applications. Often dependencies are used and overlooked if they have vulnerabilities or need updates.