Black Duck Software Alternatives

Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

FOSSA offers automated license scanning, dependency analysis and reports at each commit. Get a process up an running in 60 seconds, without slowing down development.

Vulert notifies you if a SECURITY ISSUE is found in any of the open-source software you use. No installation needed.

WhiteSource is the leading solution for agile open source security and license compliance management.

Timesys Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete...

Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows to easily monitor all the chain of software components through powerful dashboards and...

FlexNet Code Aware is a free code scanner that scans Java, NuGet and NPM packages looking for license compliance, IP, and security vulnerability risks.

WhiteSource Bolt is a FREE tool that scans all of your projects to detect vulnerable open source components. It provides actionable remediation paths to enable a quick fix. Available on Github & Azure DevOps Marketplaces: bolt.whitesourcesoftware.com