Best Software Composition Analysis Tools - Page 2

Adam Crivello
AC
Researched and written by Adam Crivello

Software composition analysis (SCA) tools enables users to analyze and manage the open-source elements of their applications. Companies and developers use SCA tools to verify licensing and assess vulnerabilities associated with each of their applications’ open-source components. More robust than vulnerability scanner software, SCA tools automatically scan all open-source components to check for policy and license compliance, security risks, and version updates. SCA software also provides insights for remedying identified vulnerabilities, usually within the reports generated after a scan.

Companies and developers often use SCA tools in conjunction with static code analysis software, which scans the code behind their applications as opposed to the open-source components.

To qualify for inclusion within the Software Composition Analysis (SCA) category, a product must:

Automatically track and analyze an application’s open source-components
Identify component vulnerabilities, licensing and compliance issues, and version updates
Provide insight into vulnerability remediation
Show More
Show Less

Featured Software Composition Analysis Tools At A Glance

Leader:
Wiz
Wiz
Highest Performer:
Jit
Jit
Easiest to Use:
Wiz
Wiz
Top Trending:
Aikido Security
Aikido Security
Show More
Show Less

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.

No filters applied
Clear Filter
More Filters
Market Segments
All Segments
Small Business
Mid Market
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
74 Listings in Software Composition Analysis Available
  • Sort By:
    G2 Score

Contrast Security

(49)4.5 out of 5
12th Easiest To Use in Software Composition Analysis software
OverviewPros and Cons
Product Description

Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented thr

Industries: Insurance, Information Technology and Services · Market Segment: 67% Enterprise, 20% Mid-Market
Pros and ConsUser Satisfaction
ProsAccuracy of Findings, Accuracy of Results, Vulnerability Detection, Automated Scanning, Automation
ConsComplex Setup, Difficult Setup, Performance Issues, Problematic Updates, Setup Complexity
User SatisfactionSeller Details
Contrast Security features and usability ratings that predict user satisfaction
9.3
Quality of Support
Average: 9.0
8.1
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
8.8
Integration
Average: 8.8
Seller Details
Year Founded
2014
HQ Location
Pleasanton, CA
Company Website
https://contrastsecurity.com
Twitter
@contrastsec
LinkedIn® Page
https://www.linkedin.com/company/contrast-security/

Microsoft Defender for Cloud

(303)4.4 out of 5
Free trial available
View top Consulting Services for Microsoft Defender for Cloud
OverviewPros and Cons
Product Description

Microsoft Defender for Cloud is a cloud native application protection platform for multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime

Users: Saas Consultant, Software Engineer · Industries: Information Technology and Services, Computer & Network Security · Market Segment: 39% Mid-Market, 35% Enterprise
Pros and ConsUser Satisfaction
ProsSecurity, Comprehensive Security, Cloud Security, Vulnerability Detection, Threat Detection
ConsComplexity, Expensive, Delayed Detection, False Positives, Improvement Needed
User SatisfactionSeller Details
Microsoft Defender for Cloud features and usability ratings that predict user satisfaction
8.6
Quality of Support
Average: 9.0
9.4
Language Support
Average: 8.4
10.0
Continuous Monitoring
Average: 8.8
9.9
Integration
Average: 8.8
Seller Details
Year Founded
1975
HQ Location
Redmond, Washington
Company Website
https://www.microsoft.com/
Twitter
@microsoft
LinkedIn® Page
https://www.linkedin.com/company/microsoft/
Ownership
MSFT
Phone
+1 (877) 276-2464
G2 Advertising
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.
Learn More

Aqua Security

(57)4.2 out of 5
11th Easiest To Use in Software Composition Analysis software
OverviewPros and Cons
Product Description

Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and run

Industries: Computer Software, Financial Services · Market Segment: 56% Enterprise, 39% Mid-Market
Pros and ConsUser Satisfaction
ProsSecurity, Ease of Use, Features, Detection, Vulnerability Identification
ConsMissing Features, Lack of Features, Limited Features, Difficult Navigation, Improvement Needed
User SatisfactionSeller Details
Aqua Security features and usability ratings that predict user satisfaction
8.0
Quality of Support
Average: 9.0
7.3
Language Support
Average: 8.4
6.3
Continuous Monitoring
Average: 8.8
7.3
Integration
Average: 8.8
Seller Details
Year Founded
2015
HQ Location
Burlington, US
Company Website
https://www.aquasec.com
Twitter
@AquaSecTeam
LinkedIn® Page
https://www.linkedin.com/company/aquasecteam/

DerScanner

(11)5.0 out of 5
OverviewUser Satisfaction
Product Description

DerScanner is a complete application security testing solution to eliminate known and unknown code threats across Software Development Lifecycle. DerScanner static code analysis offers developers the

Industries: Information Technology and Services · Market Segment: 64% Small-Business, 45% Mid-Market
User SatisfactionSeller Details
DerScanner features and usability ratings that predict user satisfaction
10.0
Quality of Support
Average: 9.0
10.0
Language Support
Average: 8.4
9.4
Continuous Monitoring
Average: 8.8
9.6
Integration
Average: 8.8
Seller Details
Year Founded
2011
HQ Location
Dubai
Company Website
https://derscanner.com/
LinkedIn® Page
https://www.linkedin.com/company/dersecur/

FOSSA

(15)4.2 out of 5
OverviewPros and Cons
Product Description

Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, secur

Industries: Computer Software · Market Segment: 47% Small-Business, 33% Mid-Market
Pros and ConsUser Satisfaction
ProsEasy Integrations, Issue Resolution, Remediation Solutions, Risk Management, Security
User SatisfactionSeller Details
FOSSA features and usability ratings that predict user satisfaction
8.3
Quality of Support
Average: 9.0
8.8
Language Support
Average: 8.4
8.5
Continuous Monitoring
Average: 8.8
9.2
Integration
Average: 8.8
Seller Details
Year Founded
2015
HQ Location
San Francisco, California
Company Website
https://www.fossa.io
Twitter
@getfossa
LinkedIn® Page
https://www.linkedin.com/company/fossa/

MergeBase

(20)4.5 out of 5
OverviewUser Satisfaction
Product Description

MergeBase is revolutionizing software supply chain protection with a full-featured, developer-oriented SCA solution that brings the lowest false positives in the industry and complete DevOps coverage

Industries: Computer Software · Market Segment: 40% Small-Business, 35% Mid-Market
User SatisfactionSeller Details
MergeBase features and usability ratings that predict user satisfaction
9.3
Quality of Support
Average: 9.0
7.9
Language Support
Average: 8.4
8.5
Continuous Monitoring
Average: 8.8
8.5
Integration
Average: 8.8
Seller Details
Year Founded
2018
HQ Location
Coquitlam, British Columbia
Company Website
https://mergebase.com/
Twitter
@mergebasesecure
LinkedIn® Page
https://www.linkedin.com/company/mergebase/

Sandworm

(11)5.0 out of 5
OverviewUser Satisfaction
Product Description

Sandworm is a comprehensive software supply chain security solution that detects vulnerabilities in dependencies, provides actionable insights, and ensures a secure and reliable development process fo

Industries: Marketing and Advertising · Market Segment: 73% Small-Business, 18% Mid-Market
User SatisfactionSeller Details
Sandworm features and usability ratings that predict user satisfaction
9.6
Quality of Support
Average: 9.0
9.1
Language Support
Average: 8.4
9.6
Continuous Monitoring
Average: 8.8
9.1
Integration
Average: 8.8
Seller Details
Year Founded
2023
HQ Location
N/A
Company Website
https://sandworm.dev/
LinkedIn® Page
https://www.linkedin.com/company/sandworm-dev/

Endor Labs

(9)4.8 out of 5
OverviewPros and Cons
Product Description

Endor Labs helps you build and ship secure software fast, whether it's written by humans and AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real ris

Market Segment: 78% Mid-Market, 22% Enterprise
Pros and ConsUser Satisfaction
ProsFeatures, Ease of Use, Accuracy of Findings, Customer Support, Integration Support
ConsUX Improvement, API Limitations, Difficult Setup, Integration Issues, Missing Features
User SatisfactionSeller Details
Endor Labs features and usability ratings that predict user satisfaction
9.8
Quality of Support
Average: 9.0
9.4
Language Support
Average: 8.4
9.7
Continuous Monitoring
Average: 8.8
9.2
Integration
Average: 8.8
Seller Details
Year Founded
2021
HQ Location
Palo Alto, California, United States
Company Website
https://www.endorlabs.com/
Twitter
@EndorLabs
LinkedIn® Page
https://www.linkedin.com/company/endorlabs

Rainforest Application

(12)4.9 out of 5
OverviewUser Satisfaction
Product Description

Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Applica

Market Segment: 42% Small-Business, 42% Mid-Market
User SatisfactionSeller Details
Rainforest Application features and usability ratings that predict user satisfaction
9.8
Quality of Support
Average: 9.0
8.0
Language Support
Average: 8.4
9.0
Continuous Monitoring
Average: 8.8
8.7
Integration
Average: 8.8
Seller Details
HQ Location
Wilmington, Delaware
Company Website
https://rainforest.tech
LinkedIn® Page
https://www.linkedin.com/company/80967943

Socket

(9)4.6 out of 5
OverviewPros and Cons
Product Description

Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powe

Market Segment: 44% Mid-Market, 33% Enterprise
Pros and ConsUser Satisfaction
ProsSecurity, Open Source, Accuracy of Findings, Alerts, Comprehensive Security
ConsMissing Features, System Slowness
User SatisfactionSeller Details
Socket features and usability ratings that predict user satisfaction
9.0
Quality of Support
Average: 9.0
8.9
Language Support
Average: 8.4
8.3
Continuous Monitoring
Average: 8.8
8.3
Integration
Average: 8.8
Seller Details
Year Founded
2020
HQ Location
San Francisco, US
Company Website
https://socket.dev/
Twitter
@SocketSecurity
LinkedIn® Page
https://www.linkedin.com/company/socketinc/

Codacy

(28)4.6 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

Codacy is the only DevSecOps platform that delivers plug-and-play code health and security scanning for AI and human generated code. Future-proof your software – from source code to runtime – without

Industries: Computer Software · Market Segment: 61% Small-Business, 21% Mid-Market
Pros and ConsUser Satisfaction
ProsSecurity, Automation, Automation Testing, Code Quality, Customer Support
ConsExpensive
User SatisfactionSeller Details
Codacy features and usability ratings that predict user satisfaction
9.2
Quality of Support
Average: 9.0
0.0
No information available
0.0
No information available
0.0
No information available
Seller Details
Year Founded
2012
HQ Location
Lisbon, Lisboa
Company Website
https://www.codacy.com
Twitter
@codacy
LinkedIn® Page
https://www.linkedin.com/company/3310124/

ThreatWorx

(10)4.7 out of 5
OverviewUser Satisfaction
Product Description

ThreatWorx is a next-gen proactive cybersecurity platform that protects servers, cloud, containers and source code from malware and vulnerabilities without scanner appliances or bulky agents. ThreatWo

Market Segment: 40% Mid-Market, 40% Small-Business
User SatisfactionSeller Details
ThreatWorx features and usability ratings that predict user satisfaction
9.8
Quality of Support
Average: 9.0
8.3
Language Support
Average: 8.4
9.2
Continuous Monitoring
Average: 8.8
9.4
Integration
Average: 8.8
Seller Details
Year Founded
2016
HQ Location
LOS GATOS, US
Company Website
https://threatwatch.io
Twitter
@threatwatch
LinkedIn® Page
https://www.linkedin.com/company/threatwatch/

GuardRails

(29)4.3 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

GuardRails is an end-to-end security platform that makes AppSec easier for both security and development teams. We scan, detect, and provide real-time guidance to fix vulnerabilities early. Trusted b

Industries: Information Technology and Services, Financial Services · Market Segment: 52% Small-Business, 48% Mid-Market
Pros and ConsUser Satisfaction
ProsSecurity, Vulnerability Detection, Ease of Use, Error Reduction, Threat Detection
ConsMissing Features, Time Management, Bug Issues, Dashboard Issues, False Positives
User SatisfactionSeller Details
GuardRails features and usability ratings that predict user satisfaction
8.5
Quality of Support
Average: 9.0
9.2
Language Support
Average: 8.4
10.0
Continuous Monitoring
Average: 8.8
8.9
Integration
Average: 8.8
Seller Details
Year Founded
2017
HQ Location
Singapore, Singapore
Company Website
https://www.guardrails.io
Twitter
@guardrailsio
LinkedIn® Page
https://www.linkedin.com/company/13599521

HCL AppScan

(76)4.1 out of 5
Entry Level Price:Free
OverviewUser Satisfaction
Product Description

HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint

Industries: Information Technology and Services, Computer & Network Security · Market Segment: 54% Enterprise, 28% Small-Business
User SatisfactionSeller Details
HCL AppScan features and usability ratings that predict user satisfaction
8.5
Quality of Support
Average: 9.0
8.8
Language Support
Average: 8.4
8.8
Continuous Monitoring
Average: 8.8
8.8
Integration
Average: 8.8
Seller Details
Year Founded
1999
HQ Location
Noida, Uttar Pradesh
Company Website
https://hcl-software.com/
Twitter
@hcltech
LinkedIn® Page
https://www.linkedin.com/company/1756/
Ownership
NSE - National Stock Exchange of India

Vigiles

(6)4.2 out of 5
OverviewUser Satisfaction
Product Description

Vigiles is a best-in-class vulnerability monitoring and remediation tool that combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so

Market Segment: 83% Small-Business, 17% Enterprise
User SatisfactionSeller Details
Vigiles features and usability ratings that predict user satisfaction
8.8
Quality of Support
Average: 9.0
8.9
Language Support
Average: 8.4
8.9
Continuous Monitoring
Average: 8.8
7.8
Integration
Average: 8.8
Seller Details
Year Founded
1996
HQ Location
Pittsburgh, US
Company Website
https://www.timesys.com/
Twitter
@Timesys
LinkedIn® Page
https://www.linkedin.com/company/timesys-corporation/
Filters
Filter
Clear Filter
More Filters
Market Segments
All Segments
Small Business
Mid Market
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
Clear Filter
More Filters
Market Segments
All Segments
Small Business
Mid Market
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
74 Listings in Software Composition Analysis Available
  • Sort By:
    G2 Score

Recommended For You

Gemini
Replit
Harness Platform
GitHub Copilot
Claude