Black Duck integrates with ThreadFix to automatically scan, identify and inventory open source software, allowing you to understand license obligations, conflicts and risks.

OWASP Dependency Check identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

Snyk is a developer-first security company that helps organizations use open source and stay secure.  Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images.

Sonatype Nexus help organizations improve the quality, security, and speed of their software supply chains.

WhiteSource helps software development and security teams to better secure and manage the open source components in their products.