Apps with 'Software Composition Analysis' feature

Web-based Git hosting service facilitating collaboration, with features like issue tracking, social networking, and wikis for project management.

Continuous Delivery Services for teams to share code, track work, and ship software – for any language, all in a single package.

Mend Renovate is a software product that helps developers automate dependency updates by identifying new package versions and delivering them to the application's codebase. It can generate pull requests and issues in the repository with details about the updates, including...

Aikido Security is a developer-first software security platform. We scan your source code & cloud to show you which vulnerabilities are actually important to solve. Triaging is sped up by massively reducing false-positives and making CVEs human-readable.

Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Continuously find & fix vulnerabilities in your dependencies.

Vulmon Alerts is how you proactively detect vulnerabilities. Subscribe to any query related to vulnerabilities and get alerted before hackers. Integrate vulnerability intelligence into your vulnerability management process.

Keep your dependencies on GitHub up to date without the automatic creation of the Pull Requests to update the dependency and checking for the known vulnerabilities.

https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

Vulert notifies you if a SECURITY ISSUE is found in any of the open-source software you use. No installation needed.

Mend Bolt is designed to provide real-time security alerts and compliance issues related to your open source dependencies. It operates within Azure DevOps or GitHub, enabling you to identify and address open source vulnerabilities promptly.

Vulners is a high-quality correlated database of software vulnerabilities. Users can create a custom VM solution using our consolidated database through API, multiple vulnerability scanners, plugins, and many other security tools and integrations.

Depfu continuously updates your dependencies one at a time and creates a pull request with all the info you need. You stay in control.

Xygeni All-In-One AppSec Platform secures the entire software supply chain from code to cloud with AI-driven, automated protection and developer-first remediation.

Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. Our unified platform enables companies to manage application risk effectively in modern software development.

AquilaX Ultimate is a comprehensive software security scanner, designed to detect a wide range of security vulnerabilities in the source code of any application. Is committed to change how contextual analysis is done to eliminate virtually any false positive.

A single pane of glass for understanding and mitigating risks across your entire codebase and supply chain.

Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows to easily monitor all the chain of software components through powerful dashboards and...

FlexNet Code Aware is a free code scanner that scans Java, NuGet and NPM packages looking for license compliance, IP, and security vulnerability risks.

Dependency Update Automation for npm, composer and docker made easy. Check your git repositories for vulnerabilities now!.

PrivJs Safe helps secure projects by blocking the installation of vulnerable javascript packages. PrivJs Safe also provides an ESLint plugin @privjs/eslint-plugin-safe to actively detect the import of vulnerable npm packages in the projects.

A software monetization platform to help you launch new business models, protect your IP and reduce the risk of revenue loss.

SecDash automatically detects security vulnerabilities in applications created with ChatGPT, Claude, and other AI tools, providing clear and actionable guidance.

Timesys Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete...

GuardRails continuously scans your GitHub & GitLab repositories to alert you of any vulnerabilities and security issues. Get started in minutes.

RankedRight is the triage tool that automatically ranks vulnerabilities based on the rules set by its user, factoring in what is critical to the business, and delegating it to the most appropriate person to resolve.