Software Composition Analysis (SCA) Reviews and Ratings

Software Composition Analysis (SCA)

Gartner defines Software Composition Analysis (SCA) as a technology that analyzes applications and related artifacts (containers, registries, etc.) to detect open-source and third-party software components known to have security and functional vulnerabilities, are out-of-date for security patches, or that pose licensing risks. SCA products and services help ensure the enterprise software supply chain includes only secure components and, therefore, supports secure application development and assembly.

Products In Software Composition Analysis (SCA) Market

"Maximizing Security With Mend in Healthcare: An Inside View"

Our overall experience has been very positive. Given that our products are HIPAA compliant within the healthcare space, we are vigilant on ensuring that we are dealing with any security concerns with open source products. Mend does a great job of scanning our code and highlighting any vulnerabilities and recommended solutions.

"Veracode Detailed Review"

Excellent integration and implementation options. The customer support is prompt and provides in-depth analysis of the vulnerabilities.

"Black Duck CI/CD integration provides useful risk information"

Black Duck provides very useful information on third party licensing and security risks in our products.

"Timesys Vigiles - a great tool for managing vulnerabilities in embedded Linux devices"

Timesys Vigiles has been a great tool to support with managing vulnerabilities across the SBOM of our products. As an organisation building embedded Linux devices, it has a range of features that match up with our needs far better than other products we evaluated. The reports that we obtain from Vigiles have been useful both for guiding our own vulnerability management and for communicating vulnerability information with our customers. We've been able to use the API features of Vigiles to automatically input SBOMs from our build system.

"Risk Management: Strategies in a Highly Customizable Product"

Valuable insight, very good support from the vendor

"Great cloud software for software composition analysis"

My experience so far with Revenera has been very good. Securely protecting our applications and managing different compliance has become very easy with the help of Revenera.

"Navigating Smoothly: Commits and Branch Management Features"

Throughout the usage of this product, I have used numerous features that I found to be very useful. Fixing merge conflicts right on the website is very convenient. Also, scouring through the commits and branches is very easy and overall, I find the UI/UX great.

"Arnica's Powerful Software Enhances Web App Security"

Knowledgeable people over at Arnica, they were able to break down AppSec into truly granular, yet understandable terms. Powerful software capable of leveling up the security of any web application. Extensive features as well as great customer service.

"Best in service and support"

Really happy with the customer provided by the support team

"Come for the SBOMs stay for the product vision"

The product team, support team, and executives are committed to our success. They are extremely helpful and easy to work with. The product itself solves an important need in a very effective way. We looked at many alternatives and selected this one because we think that we'll be better off in the long run. We'd also heard of many other companies that used them successfully. Their excellent reputation is well deserved.

"Ease of use, clear and helpful reporting."

Overall, Checkmarx SCA (cxOSA) has worked great for us. There are some areas of opportunity in the UI, but the way it reports the findings is very clear, informing not only the severity and the risks but also the remediation. It is great that everything is in the same portal, the SAST and SCA solution; we don't need to open several consoles or portals, everything is in the same project, in the same portal.

"CAST Highlight a good portfolio management product"

A good tool for portfolio analysis; it makes it easy to detect problematic applications and helps to fix them. All with a good and simple user interface.

"Great Platform - Accurics"

I can confidently say, brilliant experience with Accurics. For our cloud-native infrastructure, cyber resilience becomes crucial. That's where Accurics comes into the picture. It self-heals the cloud infrastructure and mitigates the risk by maintaining the secured runtime.

"Solid penetration test, particularly useful during active development stage."

Automated scans available for a year - works well when developing software as it is simple to re-scan each time the code is updated. Information provided by tool is generally enough for a programmer to know how to mitigate the detected vulnerability. Consulting is available for cases where a programmer is not clear on how to mitigate a vulnerability.

"Reimagining the world of DevSecOps "

We are a new Cloud Defense customer; our experience has been nothing but positive so far. Cloud Defense has been very helpful during the POV and they continue to be supportive since we bought the product. They are quick to answer and very knowledgeable. They supported us before and after the deployment, and helped in properly planning the required resources during our implementation.

"Innovative Open Source Analysis Company "

My company is primarily a Java ecosystem and Sonatype's Nexus Lifecycle product has met our needs to identify and remediate vulnerabilities in the open source software we use. The scans are quick. They integrate with all of the common Java tooling and they have APIs we can write our own logic around. Their support team has responded quickly to any issues. Their product team has been responsive to ideas, complaints, etc. Overall they are a dream vendor to work with.

"A Good Product With Lot of Variety And Capabilities "

Once we started using this product, we have been discovering a lot of issues, code optimizations, pattern mismatches, etc. It helps us in saving a lot of manpower by automatically scanning 1000+ lines of code and pinpointing where the issues are.

"Amazing product for active directory security "

Ossisto 365 scanner is providing a very useful report in terms of security and risk assessment; overall it's saving time.

"Shift Left SCA Benefits"

The SCA product in Shift Left is straightforward and useful.

"CONTRAST OSS Implementation"

We have just started to implement CONTRAST OSS. Overall this will give us insight when developing new applications. Often dependencies are used and overlooked if they have vulnerabilities or need updates.
