Jesse_Mundis
Newcomer III

OSS Source Code Vulnerability Scanner recommendations?

Currently comparing Black Duck and Source Clear for consideration in a Jenkins build environment to scan OSS components. Any other products I should be considering? It needs to, at the very least, grok Python and JavaScript.

2 Replies
Early_Adopter
Community Champion

Synopsys is the 800-pound gorilla here; I hear they have a focus here. Not sure about SourceClear.


Some thoughts I've heard from our security folks on others: Snyk is allegedly good with JavaScript, Sonatype has a secure/verified repository thingy, and CA purchased Veracode and looks to be investing in that area.


Wayne_Evans
Newcomer III

Hi,


Not sure if relevant, but this is in my bookmarks.


https://github.com/mre/awesome-static-analysis

Kind Regards,


Wayne
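Whichever product ends up in the Jenkins pipeline, the part that actually blocks a bad build is a small gate that reads the scanner's machine-readable output and fails the job above a severity threshold. The script below is an added example written for this thread; it is not code from the original posts or from Black Duck, SourceClear, Snyk, Sonatype or Veracode. It assumes the free `npm audit --json` (auditReportVersion 2) and `pip-audit -f json` output shapes as I remember them, the embedded reports are constructed samples with hypothetical package names, and `run_gate`, `gate` and the normalizer names are mine. Any commercial SCA tool that emits JSON can be plugged in by writing one more normalizer that returns the same finding dicts.

```python
"""sca_gate.py: fail a Jenkins build on dependency-scan findings (added example).

Constructed for illustration; not the code of any vendor named in the thread.
Assumed report shapes: `npm audit --json` (auditReportVersion 2) and
`pip-audit -f json`. Both tools exit non-zero when they find something, so the
Jenkins `sh` step should capture the JSON with `|| true` and let this script
decide the build result.
"""
import json
import sys

# npm's severity ladder; pip-audit reports no severity at all (see below).
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample report, hypothetical packages, no real advisories.
SAMPLE_NPM_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-pkg-a": {"name": "example-pkg-a", "severity": "high",
                          "isDirect": True, "fixAvailable": True},
        "example-pkg-b": {"name": "example-pkg-b", "severity": "low",
                          "isDirect": False, "fixAvailable": False},
        "example-pkg-c": {"name": "example-pkg-c", "severity": "critical",
                          "isDirect": False,
                          "fixAvailable": {"name": "example-pkg-a",
                                           "version": "2.0.0",
                                           "isSemVerMajor": True}},
    },
})

# Constructed sample pip-audit report, hypothetical packages and id.
SAMPLE_PIP_AUDIT = json.dumps({
    "dependencies": [
        {"name": "example-lib", "version": "1.0.0",
         "vulns": [{"id": "constructed-sample-0001",
                    "fix_versions": ["1.0.1"],
                    "description": "constructed sample finding"}]},
        {"name": "clean-lib", "version": "3.2.1", "vulns": []},
    ],
})


def normalize_npm_audit(report_text):
    """Flatten an npm audit v2 report into one finding dict per package."""
    data = json.loads(report_text)
    findings = []
    for name, entry in data.get("vulnerabilities", {}).items():
        findings.append({
            "ecosystem": "npm",
            "package": name,
            "severity": entry.get("severity", "info"),
            "direct": bool(entry.get("isDirect", False)),
            # fixAvailable is True, False, or an object describing the fix.
            "fix_available": bool(entry.get("fixAvailable", False)),
        })
    return findings


def normalize_pip_audit(report_text, default_severity="high"):
    """Flatten a pip-audit JSON report. pip-audit carries no severity, so
    every finding is assigned default_severity: it fails a 'high' gate unless
    the package is allowlisted after review, which is the safe default."""
    data = json.loads(report_text)
    findings = []
    for dep in data.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            findings.append({
                "ecosystem": "pypi",
                "package": dep["name"],
                "severity": default_severity,
                "direct": True,  # requirements.txt entries treated as direct
                "fix_available": bool(vuln.get("fix_versions")),
            })
    return findings


def gate(findings, threshold="high", allowlist=frozenset()):
    """Return the findings that should fail the build: severity at or above
    threshold and package not on the allowlist of accepted, reviewed risks."""
    cutoff = SEVERITY_RANK[threshold]
    return [f for f in findings
            if SEVERITY_RANK.get(f["severity"], cutoff) >= cutoff
            and f["package"] not in allowlist]


def run_gate(npm_report, pip_report, threshold="high", allowlist=frozenset()):
    """Normalize both reports and return (all_findings, failing_findings)."""
    findings = normalize_npm_audit(npm_report) + normalize_pip_audit(pip_report)
    return findings, gate(findings, threshold, allowlist)


if __name__ == "__main__":
    # Jenkins `sh` step (assumed wiring):
    #   npm audit --json > npm-audit.json || true
    #   pip-audit -r requirements.txt -f json -o pip-audit.json || true
    #   python sca_gate.py npm-audit.json pip-audit.json
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f_npm, open(sys.argv[2]) as f_pip:
            npm_text, pip_text = f_npm.read(), f_pip.read()
    else:
        npm_text, pip_text = SAMPLE_NPM_AUDIT, SAMPLE_PIP_AUDIT
    all_findings, failing = run_gate(npm_text, pip_text)
    for f in failing:
        print(f"FAIL {f['ecosystem']}:{f['package']} severity={f['severity']} "
              f"direct={f['direct']} fix_available={f['fix_available']}")
    print(f"{len(failing)} of {len(all_findings)} findings exceed the gate")
    sys.exit(1 if failing else 0)
```

The allowlist is the piece worth thinking about: without it the first unfixable transitive finding blocks every build and someone turns the gate off, so keep a reviewed list of accepted package names in the repo and pass it to `gate`, and treat `fix_available` as the signal for which failures the build owner can clear by upgrading.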