Newcomer III

OSS Source Code Vulnerability Scanner recommendations?

Currently comparing Black Duck and SourceClear for consideration in a Jenkins build environment to scan OSS components. Any other products I should be considering? It needs to, at the very least, grok Python and JavaScript.

2 Replies
Community Champion

Re: OSS Source Code Vulnerability Scanner recommendations?

Synopsys is the 800-pound gorilla here; I hear they have a focus here, not sure about SourceClear.

Some thoughts I've heard from our security folks on others: Snyk is allegedly good with JavaScript, Sonatype has a secure/verified repository thingy, CA purchased Veracode and looks to be investing in that area.

Newcomer III

Re: OSS Source Code Vulnerability Scanner recommendations?

Hi,

Not sure if relevant, but this is in my bookmarks:

https://github.com/mre/awesome-static-analysis

Kind Regards,

Wayne