Software Composition Analysis (SCA) Reviews and Ratings

Our overall experience has been very positive. Given that our products are HIPAA compliant within the healthcare space, we are vigilant on ensuring that we are dealing with any security concerns with open source products. Mend does a great job of scanning our code and highlighting any vulnerabilities and recommended solutions.

Excellent integration and implementation options. The customer support is prompt and provides in-depth analysis of the vulnerabilities.

Black Duck provides very useful information on third party licensing and security risks in our products.

Excellent experience from start to end. We started on the free tier to trial the product on our application, moving from our previous open source maven based solution. Setup was simple, maintenance was almost non-existent and the pre-compiled packages for certifications/etc made the supplier onboarding process much more streamlined.

Timesys Vigiles has been a great tool to support with managing vulnerabilities across the SBOM of our products. As an organisation building embedded Linux devices, it has a range of features that match up with our needs far better than other products we evaluated. The reports that we obtain from Vigiles have been useful both for guiding our own vulnerability management and for communicating vulnerability information with our customers. We've been able to use the API features of Vigiles to automatically input SBOMs from our build system.

Throughout the usage of this product, i have used numerous features that i found to be very useful. Fixing merge conflicts right on the website is very convenient. Also scouring through the commits and branches is very easy and overall, i find the UI/UX great.

The product team, support team, and executives are committed to our success. They are extremely helpful and easy to work with. The product itself solves an important need in a very effective way. We looked at many alternatives and selected this one because we think that we'll be better off in the long run. We'd also heard of many other companies that used them successfully. Their excellent reputation is well deserved.

Knowledgeable people over at Arnica, they were able to break down AppSec into truly granular, yet understandable terms. Powerful software capable of leveling up the security of any web application. Extensive features as well as great customer service.

Really happy with the customer provided by the support team

My experience so far with Revenera has been very good. Securely protecting our applications and managing different compliance has become very easy with the help of Revenera.

Overall Checkmarx SCA (cxOSA) was worked great with us, there are some areas of opportunity in the UI but the way it reports the findings is very clear, informing not only the severity and the risks but also the remediation. Is great that everything is in the same portal, the SAST and SCA solution, we don't need to open several consoles or portals, everything is in the same project, in the same portal.

A good tool for a portfolio analysis, it make easy to detect problematic application and help to fix them. All with a good and simple user interface.

I can confidently say, Brilliant experience with Accurics. For our cloud-native infrastructure cyber resilience becomes crucial. That's where Accurics come into the picture. It Self heals the cloud infrastructure and mitigates the risk by maintaining the secured runtime.

Automated scans available for a year - works well when developing software as it is simple to re-scan each time the code is updated. Information provided by tool is generally enough for a programmer to know how to mitigate the detected vulnerability. Consulting is available for cases where a programmer is not clear on how to mitigate a vulnerability.

We are a new Cloud Defense customer, our experience has been nothing but positive so far. Cloud Defense has been vary helpful during the POV and they continue to be supportive since we bought the product.They are quick to answer and very knowledgeable. They supported us before and after the deployment, helped in properly planning the required resources during our implementation.

My company is primarily a Java ecosystem and Sonatype's Nexus Lifecycle product has met our needs to identify and remediate vulnerabilities in the open source software we use. The scans are quick. They integrate with all of the common Java tooling and they have APIs we can write our own logic around. Their support team has responded quickly to any issues. Their product team has been responsive to ideas, complaints, etc. Overall they are a dream vendor to work with.

Once we started using this product we have been discovering lot of issues, code optimizations, pattern mismatch etc. It helps us in saving a lot of manpower by automatically scanning 1000+ lines of code and pin pointing where the issues are.

Ossisto 365 scanner is providing very use full report in term of security and Risk assessment, overall its saving time.

The SCA product in Shift Left is straight forward and useful.

We have just started to implement CONTRAST OSS . Overall this will give us insight when developing new applications. Often dependencies are used and overlooked if they have vulnerabilities or need updates.