Aikido Security brings together code, cloud, dependency, and runtime security workflows in a more approachable platform for modern engineering teams.
Tools that identify open-source components in codebases and detect vulnerabilities, license risks, and outdated dependencies.
Aikido Security brings together code, cloud, dependency, and runtime security workflows in a more approachable platform for modern engineering teams.
Black Duck provides software composition analysis that helps organizations manage security, quality, and license compliance risks from open-source and third-party code.
Sonatype provides software supply chain management and SCA tools including Nexus Repository and Sonatype Lifecycle for managing open-source security and compliance.
Phylum provides automated software supply chain risk analysis that detects malicious open-source packages, author risk, and dependency vulnerabilities.
Now called Mend, providing open source security and license compliance management.
Mend.io is a software composition analysis and application security platform that helps development teams identify and remediate vulnerabilities in open-source dependencies.
Socket detects malicious open-source dependencies and supply chain risks.
Debricked provides software composition analysis focused on making open-source security accessible with fast scanning, automated fix suggestions, and license compliance.
Snyk provides developer-first software composition analysis that finds and fixes vulnerabilities in open-source dependencies directly within developer workflows.
SOOS provides affordable software composition analysis and DAST solutions that help development teams identify vulnerabilities and license issues in open-source dependencies.
Idera-owned code security and analytics platform with SAST, SCA, and quality across 30+ languages.
Tidelift provides a managed open source subscription that ensures the open-source packages organizations depend on are secure, maintained, and license-compliant.
OWASP's intelligent component analysis platform for monitoring third-party components for vulnerabilities.
Checkmarx provides a comprehensive application security platform including software composition analysis, SAST, DAST, and API security for enterprise DevSecOps programs.