2026 Best Software Awards are here!See the list
Top Free Software Composition Analysis Tools
Check out our list of free Software Composition Analysis Tools. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.
If you'd like to see more products and to evaluate additional feature options, compare all Software Composition Analysis Tools to ensure you get the right product.
View Free Software Composition Analysis Tools
G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
38 Software Composition Analysis Products Available
View all Software Composition Analysis Tools
(870)4.5 out of 5
Optimized for quick response
3rd Easiest To Use in Software Composition Analysis software
View top Consulting Services for GitLab
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 37% Mid-Market
- 37% Small-Business
GitLab features and usability ratings that predict user satisfaction
8.5
Quality of Support
Average: 9.0
8.7
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
8.8
Integration
Average: 8.8
VP
Easy to build and deploy code, highly secure environment Read review
KK
1. Seamlessly store code online with versioning, building code running various CI/CD pipelines.
2. Ease of access due to clean User interface.
3.... Read review
Seller Details
HQ Location
San Francisco, CaliforniaTwitter
@gitlab169,407 Twitter followers
(2,286)4.7 out of 5
8th Easiest To Use in Software Composition Analysis software
View top Consulting Services for GitHub
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fort
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 47% Small-Business
- 31% Mid-Market
GitHub features and usability ratings that predict user satisfaction
8.7
Quality of Support
Average: 9.0
8.8
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
9.0
Integration
Average: 8.8
CS
Easiness to use and to have an overview of team performance Read review
BN
1) Seamless Collaboration – Pull requests, code reviews, and discussions make teamwork easy and transparent.
2) Version Control with Git –... Read review
Seller Details
Twitter
@github2,611,247 Twitter followers
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Mend.io is the leading application security solution, helping organizations reduce application risk efficiently. Built for modern, AI-driven, and traditional development environments alike, Mend.io pr
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 38% Small-Business
- 34% Mid-Market
Mend.io features and usability ratings that predict user satisfaction
8.7
Quality of Support
Average: 9.0
8.5
Language Support
Average: 8.4
8.8
Continuous Monitoring
Average: 8.8
8.5
Integration
Average: 8.8
VS
Interface and flow of the application.Also the simplicity Read review
MT
The best thing is the security and easy to use. The mend bot offers couple of qualities to protect your projects against several security protocols... Read review
Seller Details
HQ Location
Boston, MassachusettsTwitter
@Mend_io11,342 Twitter followers
(756)4.7 out of 5
Optimized for quick response
1st Easiest To Use in Software Composition Analysis software
View top Consulting Services for Wiz
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the developme
Users
- CISO
- Security Engineer
Industries
- Financial Services
- Information Technology and Services
Market Segment
- 54% Enterprise
- 39% Mid-Market
Wiz features and usability ratings that predict user satisfaction
9.2
Quality of Support
Average: 9.0
8.8
Language Support
Average: 8.4
9.2
Continuous Monitoring
Average: 8.8
9.3
Integration
Average: 8.8
KL
Wiz.io enables my small SaaS company with enterprise-grade security solutions for our cloud-native environments by simplifying security management,... Read review
JS
The ease of use and the ability for us to have our application teams get just the information they needed was why we selected the product. Getting... Read review
Seller Details
HQ Location
New York, USTwitter
@wiz_io20,380 Twitter followers
(90)4.5 out of 5
Optimized for quick response
12th Easiest To Use in Software Composition Analysis software
Entry Level Price:Starting at $11,000.00
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
By scanning the source code of your applications, CAST Highlight instantly maps your software, generating the insights to understand, improve, and transform it. CIOs, CTOs, Enterprise Architects u
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 57% Enterprise
- 24% Small-Business
CAST Highlight features and usability ratings that predict user satisfaction
9.1
Quality of Support
Average: 9.0
8.5
Language Support
Average: 8.4
8.5
Continuous Monitoring
Average: 8.8
8.4
Integration
Average: 8.8
CI
Allows rapid scanning of multiple applications simultaneously.
Supports GDPR
Provides insight into Software health, cloud readiness, licensing... Read review
PG
Cloud Readiness/Container Blockers is a differentiator
Much functionality is also available in tools like Blackduck,Polaris Read review
Seller Details
HQ Location
New YorkTwitter
@SW_Intelligence1,901 Twitter followers
(137)4.6 out of 5
Optimized for quick response
2nd Easiest To Use in Software Composition Analysis software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido hel
Users
- CTO
- Founder
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 71% Small-Business
- 17% Mid-Market
Aikido Security features and usability ratings that predict user satisfaction
9.4
Quality of Support
Average: 9.0
9.0
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
9.0
Integration
Average: 8.8
AI
I appreciate that Aikido Security offers a single plane of glass with everything in one queue, which is very important to me. It's simple to use... Read review
UC
Regular scans of our codebase flag potential issues early. It has a reasonable free tier that could be useful for most people, and it also produces... Read review
Seller Details
HQ Location
Ghent, BelgiumTwitter
@AikidoSecurity4,225 Twitter followers
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate an
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 50% Mid-Market
- 43% Small-Business
SOOS features and usability ratings that predict user satisfaction
9.3
Quality of Support
Average: 9.0
9.5
Language Support
Average: 8.4
9.3
Continuous Monitoring
Average: 8.8
9.5
Integration
Average: 8.8
JG
SOOS works about as well as Snyk or Sonatype for SCA, and at about 0.1% of the price.
Their support has been super responsive and helpful when... Read review
DS
Easy and straightforward to use. From the easy plugins, to the excellent dashboard, the feature set helps us every day without taking a lot of... Read review
Seller Details
HQ Location
Winooski, USTwitter
@soostech50 Twitter followers
(51)4.8 out of 5
9th Easiest To Use in Software Composition Analysis software
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform.
Users
- Security Engineer
Industries
- Financial Services
- Information Technology and Services
Market Segment
- 63% Mid-Market
- 25% Enterprise
OX Security features and usability ratings that predict user satisfaction
9.6
Quality of Support
Average: 9.0
8.7
Language Support
Average: 8.4
8.8
Continuous Monitoring
Average: 8.8
9.4
Integration
Average: 8.8
EA
As one of OX Security's first customers, I was searching for an effective solution to upscale Upstream Security's application security stack. I... Read review
UI
Best Free Solution for private users who want to check their repos. Read review
Seller Details
Seller
OX SecurityYear Founded
2021HQ Location
New York, USA
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk.
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 48% Enterprise
- 33% Mid-Market
Black Duck features and usability ratings that predict user satisfaction
7.7
Quality of Support
Average: 9.0
9.2
Language Support
Average: 8.4
8.0
Continuous Monitoring
Average: 8.8
8.0
Integration
Average: 8.8
UP
It is very thorough. As a best I included a small snippet of code I copied from a obscure blog. It identified the code. Read review
SM
One of the top solution providers to help manage security vulnerabilities, code quality, code smells, bugs and compliance risk associated with... Read review
Seller Details
Twitter
@synopsys23,878 Twitter followers
Ownership
NASDAQ:SNPS
(49)4.5 out of 5
11th Easiest To Use in Software Composition Analysis software
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented thr
Users
No information available
Industries
- Insurance
- Information Technology and Services
Market Segment
- 67% Enterprise
- 20% Mid-Market
Contrast Security features and usability ratings that predict user satisfaction
9.3
Quality of Support
Average: 9.0
8.1
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
8.8
Integration
Average: 8.8
EI
Contrast delivers easy and fast vulnerability data about our applications (IDE environments) that continues through production with the RASP... Read review
DK
It's free to some extent
Fast then most security scanners Read review
Seller Details
HQ Location
Pleasanton, CATwitter
@contrastsec5,506 Twitter followers
(111)4.1 out of 5
Optimized for quick response
14th Easiest To Use in Software Composition Analysis software
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud sec
Users
No information available
Industries
- Information Technology and Services
- Computer & Network Security
Market Segment
- 39% Enterprise
- 32% Mid-Market
Cortex Cloud features and usability ratings that predict user satisfaction
7.9
Quality of Support
Average: 9.0
6.7
Language Support
Average: 8.4
7.2
Continuous Monitoring
Average: 8.8
9.2
Integration
Average: 8.8
UL
Strong cloud security – It catches misconfigurations and vulnerabilities fast.
Easy to use – The dashboard is clean and gives clear... Read review
UC
Gets the job done and has a good user interface. Smooth user experience and is usually free from any bugs. Support and implementation are also good... Read review
Seller Details
HQ Location
Santa Clara, CATwitter
@PaloAltoNtwks127,526 Twitter followers
(54)4.6 out of 5
7th Easiest To Use in Software Composition Analysis software
View top Consulting Services for Semgrep
Entry Level Price:Starting at $40.00
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysi
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 46% Enterprise
- 41% Mid-Market
Semgrep features and usability ratings that predict user satisfaction
8.8
Quality of Support
Average: 9.0
8.4
Language Support
Average: 8.4
8.3
Continuous Monitoring
Average: 8.8
8.2
Integration
Average: 8.8
AF
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository). Read review
AI
The Semgrep supply chain is a boon for application and product security teams. Backed by the already solid Semgrep engine, it can quickly surface... Read review
Seller Details
HQ Location
San Francisco, USTwitter
@semgrep4,153 Twitter followers
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
MergeBase is revolutionizing software supply chain protection with a full-featured, developer-oriented SCA solution that brings the lowest false positives in the industry and complete DevOps coverage
Users
No information available
Industries
- Computer Software
Market Segment
- 40% Small-Business
- 35% Mid-Market
MergeBase features and usability ratings that predict user satisfaction
9.3
Quality of Support
Average: 9.0
7.9
Language Support
Average: 8.4
8.5
Continuous Monitoring
Average: 8.8
8.5
Integration
Average: 8.8
DG
The best feature of MergeBase has to be it's ease of usage. Development for future becomes super easy purely because of the intuitiveness of the... Read review
CM
It helps in reducing risk in whole product development by suggesting and removing vulnerabilities
An all in one product+ consultation solution on... Read review
Seller Details
Twitter
@mergebasesecure91 Twitter followers
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, secur
Users
No information available
Industries
- Computer Software
Market Segment
- 47% Small-Business
- 33% Mid-Market
FOSSA features and usability ratings that predict user satisfaction
8.3
Quality of Support
Average: 9.0
8.8
Language Support
Average: 8.4
8.5
Continuous Monitoring
Average: 8.8
9.2
Integration
Average: 8.8
JJ
It reduces the time needed to identify open-source licensing issues. It is easy to use and it is user-friendly. It allows you to know the licenses... Read review
IL
FOSSA stands for Free and Open Source Software Analysis which automates the management of open source compliance and security. Up to 90% of the... Read review
Seller Details
Twitter
@getfossa770 Twitter followers
(134)4.4 out of 5
10th Easiest To Use in Software Composition Analysis software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
SonarQube is the industry leader in automated code review, serving as the verification layer for code quality and security in the AI-powered SDLC. SonarQube ensures all code—whether written by develop
Users
- Software Engineer
- DevOps Engineer
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 42% Enterprise
- 39% Mid-Market
SonarQube features and usability ratings that predict user satisfaction
8.1
Quality of Support
Average: 9.0
0.0
No information available
0.0
No information available
0.0
No information available
MT
I use SonarQube mainly for analyzing C, C++ and Python programming languages, and that's why I need a SonarQube developer license. The $160 I spent... Read review
TG
they sell that is good , i don't have a change to fully test Read review
Seller Details
HQ Location
Geneva, SwitzerlandTwitter
@SonarSource10,884 Twitter followers
Hunting for software insights?
With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
