Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hysnsec/awesome-sca
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
https://github.com/hysnsec/awesome-sca
List: awesome-sca
component-analysis practical-devsecops sca snyk software-composition-analysis vulnerability-databases
Last synced: 16 days ago
JSON representation
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
- Host: GitHub
- URL: https://github.com/hysnsec/awesome-sca
- Owner: hysnsec
- License: cc0-1.0
- Created: 2021-05-29T18:39:31.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-14T06:15:17.000Z (over 2 years ago)
- Last Synced: 2024-05-20T10:04:08.274Z (7 months ago)
- Topics: component-analysis, practical-devsecops, sca, snyk, software-composition-analysis, vulnerability-databases
- Homepage: https://practical-devsecops.com/
- Size: 246 KB
- Stars: 89
- Watchers: 9
- Forks: 28
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: Contributing.md
- License: LICENSE
Awesome Lists containing this project
- ultimate-awesome - awesome-sca - A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials. (Other Lists / Monkey C Lists)
README
# Awesome Software Component Analysis(SCA)
![Awesome SCA Image](images/awesome-sca.png)
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools and tutorials. SCA is a technique to find third party vulnerable components used in your code.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
# Table of Contents
- [Books](#books)
- [Articles](#articles)
- [Courses](#courses)
- [Free Tools](#free-tools)
- [Commercial Tools](#commercial-tools)
- [Vulnerability Databases](##vulnerability-databases)
- [References](#References)
- [Credits](#credits)
- [Contributing](#contributing)## Books
* [Securing Open Source Libraries](https://www.safaribooksonline.com/library/view/securing-open-source/9781491996980/) By Guy Podjarny## Articles
* [Component Analysis from OWASP](https://owasp.org/www-community/Component_Analysis)
* [Guide to Software Composition Analysis (SCA) by Snyk](https://snyk.io/blog/what-is-software-composition-analysis-sca-and-does-my-company-need-it/)## Courses and Training
*Courses/videos on SCA.*
### Free
- [Software Composition Analysis Deep Dive by Ulisses Albuquerque](https://www.youtube.com/watch?v=F2FfaSX_55A)
### Paid
- [DevSecOps Professional by Practical DevSecOps](https://www.practical-devsecops.com/certified-devsecops-professional/)
- [SANS 540 - Cloud Security and DevSecOps Automation](https://www.sans.org/cyber-security-courses/cloud-security-devsecops-automation/)## Free Tools
### Javascript
Client Side Libraries:
* [Retire.js](https://github.com/RetireJS/retire.js)Backend Libraries:
* [NPM Audit](https://docs.npmjs.com/cli/v7/commands/npm-audit)
* [AuditJS](https://github.com/sonatype-nexus-community/auditjs)### Ruby
* [bundler-audit](https://github.com/rubysec/bundler-audit)
* [Chelsea](https://github.com/sonatype-nexus-community/chelsea)### Java
* [Dependancy-Check](https://github.com/jeremylong/DependencyCheck)### Python
* [Safety from Pyup](https://github.com/pyupio/safety)### PHP
* [Local PHP Security Checker](https://github.com/fabpot/local-php-security-checker)### Golang
* [Nancy](https://github.com/sonatype-nexus-community/nancy)### .Net
* [dotnet CLI](https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/#dotnet-cli)
* [Dependancy-Check](https://github.com/jeremylong/DependencyCheck)
* [WhiteSource Bolt](https://www.whitesourcesoftware.com/free-developer-tools/bolt/) (Free offering that currently works within Azure DevOps or GitHub)## Commercial Tools
Most commercial SCA tools support multiple programming languages like Java, Python, Ruby, Go, PHP,.NET,Scala and license scans.
* [Snyk](https://snyk.io/)
* [SourceClear](https://www.sourceclear.com/)
* [Sonatype](https://www.sonatype.com/)
* [BlackDuck](https://www.blackducksoftware.com/solutions/application-security)
* [Contrast Security](https://www.contrastsecurity.com/interactive-application-security-testing-iast)
* [WhiteSource](https://www.whitesourcesoftware.com/whitesource-languages/)
* [Whitehat SCA](https://www.whitehatsec.com/products/static-application-security-testing/software-composition-analysis/)
* [Vulert SCA](https://vulert.com/abom/)
* [Debricked](https://debricked.com/)## SCA Vulnerability Databases
* [National Vulnerability Database](https://nvd.nist.gov/)
* [Snyk Vulnerabilitydb](https://github.com/snyk/vulnerabilitydb)
* [VulnDB Data Mirror](https://github.com/stevespringett/vulndb-data-mirror)
* [NIST Data Mirror](https://github.com/stevespringett/nist-data-mirror)
* [Exploit Database](https://www.exploit-db.com/webapps/)
* [Vulert Vulnerability Database](https://vulert.com/vuln-db/)
* [Debricked Vulnerability Database](https://app.debricked.com/en/vulnerability-database)## Credits
* This repo is based on the original work done by our friend [@raghunath24](https://github.com/raghunath24)
## Sponsor
![Practical DevSecOps](images/practical-devsecops-logo.png)
## Contributing
Please refer the guidelines at [contributing.md for details](Contributing.md).