SCA Tools

Invicti is a full-scale web application security platform that offers DAST, IAST and SCA tools at the enterprise level.

JFrog Xray is an application security SCA tool that integrates security directly into your DevOps workflows, enabling you to deliver trusted software releases faster. JFrog Xray fortifies your software supply chain and scans your entire pipeline from Git to your IDE, through your CI/CD Tools, and all the way through distribution to deployment.

CAST leads the emerging category of software intelligence - an essential enabler of digital transformation, M&A value creation, taming software complexity.

ShiftLeft CORE can help you identify open source vulnerabilities and prioritize them based on how problematic they may be to your application's security. Currently, ShiftLeft is capable of scanning for open-source vulnerabilities in applications written in C#, Java, JavaScript, Python, and Scala. Support for Go is currently in beta, and support for other languages is forthcoming.

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source in development. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Snyk Open Source helps organizations like Salesforce, Google and Facebook enhance application security by enabling development teams to automatically find, prioritize and fix security vulnerabilities and license issues in their open source dependencies and containers early in, and across, the SDLC.

WhiteSource is a software composite analysis tool that helps you monitor 3rd party elements and open-source resources in your applications. You can create your security policy and WhiteSource will detect risks in real-time.