Black Duck integrates with ThreadFix to automatically scan, identify and inventory open source software, allowing you to understand license obligations, conflicts and risks.
OWASP Dependency Check identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.
Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images.
Sonatype Nexus help organizations improve the quality, security, and speed of their software supply chains.
Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes.
WhiteSource helps software development and security teams to better secure and manage the open source components in their products.