awesome-sca

Coming up!! A comprehensive list of Software Composition Analysis Tools.

Following repo contains a collection of SCA tools which can be used to analyze risks in third party components which were used as part of code. Feel free to add up any new tools. **Note: ©️ stands for proprietary sofware. All other tools are open source. **

Table of Contents

• Programming Languages
• Multiple Languages
• Vulnerability Databases
• Books
• Vulnerable Apps

Programming Languages

Javascript

• Retire.js

Ruby

• bundler-audit

Multiple Languages

• Dependancy-Check - OWASP Dependancy-check supports Java, .Net. Additional experimental support has been added for Ruby,Node.js,Python and Limited C/C++ build systems.(autoconf and cmake)
• SourceClear ©️ - Thirdparty component analysis for Java,Ruby,Javascript,Python,Objective C,GO and PHP
• WhiteSource ©️ - Secure your opensource components for C#,Java,C++,.NET,PHP,Python,Ruby,Docker,nodejs,Javascript etc.
• BlackDuck ©️ Open source software security audit
• Snyk ©️ continuously find and fix vulnerabilities in your depandancies. it supports JS,Java,Python,Ruby,Go,PHP,.NET,Scala etc.

Vulnerability Databases

• Snyk Vulnerabilitydb
• National Vulnerability Database
• Exploit Database

Books

• Securing Open Source Libraries By Guy Podjarny

Vulnerable Apps

Javascript

• goof

Java

• java-goof