Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-sca
A comprehensive list of software composition analysis tools.
https://github.com/magnologan/awesome-sca
- Retire.js
- goof
- bundler-audit
- BlackDuck
- Bytesafe
- Contrast Security
- Debricked
- Dependency-Check - OWASP Dependency-Check supports Java and .NET. Additional experimental support has been added for Ruby, Node.js, Python, and limited C/C++ build systems (autoconf and cmake).
- Flexera
- nexB
- OpenSCA - Apache License 2.0, OpenSCA is intended for scanning the third-party component dependencies and vulnerabilities.
- RogueWave
- Snyk
- Sonatype
- Veracode - Third-party component analysis for Java, Ruby, JavaScript, PHP, Python, Scala, Kotlin, C/C++, Objective-C, Swift, Go, and .NET.
- WhiteSource - Secure your open source components for C#, Java, C++, .NET, PHP, Python, Ruby, Docker, Node.js, JavaScript, etc.
- Whitehat SCA
- Debricked Vulnerability Database
- Exploit Database
- National Vulnerability Database
- Snyk Vulnerabilitydb
- VulnDB Data Mirror
- NIST Data Mirror
- Dependency Track
- Securing Open Source Libraries
- java-goof
- Choosing a tool to track and mitigate open source security vulnerabilities
Keywords
- software-composition-analysis (5)
- security (5)
- vulnerabilities (3)
- sca (3)
- sbom (2)
- vulndb (2)
- appsec (2)
- cve (2)
- java (2)
- software-security (2)
- security-audit (2)
- build-tool (2)
- ruby-advisory-db (1)
- ruby (1)
- patch-management (1)
- dependency-checker (1)
- bundler-audit (1)
- vulnerable-libraries (1)
- security-tools (1)
- scanner (1)
- sbom-tool (1)
- sbom-generator (1)
- javascript (1)
- insecure-libraries (1)
- grunt-plugins (1)
- firefox-extension (1)
- nvd (1)
- nist (1)
- cpe (1)
- vulnerability-databases (1)
- snyk (1)
- infosec (1)
- swid (1)
- static-analysis (1)
- spdx (1)
- software-supply-chain-security (1)
- software-supply-chain (1)
- software-bill-of-materials (1)
- license-compliance (1)
- devsecops (1)
- cyclonedx (1)
- vulnerability-detection (1)
- maven-plugin (1)
- jenkins-plugin (1)
- gradle-plugin (1)
- ant-task (1)
- chrome-extension (1)