Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jesse_Mundis
Newcomer III
‎03-09-2018 05:31 PM
‎03-09-2018 05:31 PM

OSS Source Code Vulnerability Scanner recommendations?

Currently comparing Black Duck and Source Clear for consideration in a Jenkins build environment to scan OSS components. Any other products I should be considering? Needs to at the very least grok python and javascript.

Reply
0 Kudos
2 Replies
Early_Adopter
Community Champion
‎03-10-2018 01:21 PM
‎03-10-2018 01:21 PM

Synopsis is the 800 pound gorilla here I hear they have a focus here, not sure about SourceClear.

 

Some thoughts I've heard from our security folks on others - Snyk is allegedly good with Javascript, Sonatype has a secure/verified repository thingy, CA purchased Veracode and look to be inversing in that area.

 

 

Reply
0 Kudos
Wayne_Evans
Newcomer III
‎03-12-2018 06:20 AM
‎03-12-2018 06:20 AM

Hi,

 

not sure if relevant:- but this is in my book marks.

 

https://github.com/mre/awesome-static-analysis

Kind Regards,

 

Wayne

Reply
0 Kudos