WhiteSource is the top solution for Software Composition Analysis according to IT Central Station reviews and rankings.
One reviewer writes: "Deployment is easy: In 30 minutes, your product is analysed and the results are available", and another reviewer writes: "Enables scanning of third-party libraries to ensure policy compliance but needs better role definition".
The second-ranked product is Sonatype Nexus Lifecycle. One user writes: "Delivers a huge reduction in development lifecycle duration; automatically blocks insecure open-source libraries",
and another reviewer writes: "Aggregation of threat details means we're no longer building blindly with vulnerable components".
Other popular vendors in this market are Synopsys, GitLab, and Flexera.
See our free Buyer's Guide for Software Composition Analysis.
The overall ranking of a product, shown by the bar length, is a weighted aggregate score built from five areas: Reviews, Words/Review, Views, Comparisons and Average Rating.
For each of the first four areas (Reviews, Words/Review, Views and Comparisons), the product with the highest count receives the full 18 points available for that area,
and every other product receives points in proportion to that leader. For example, if a product has 80% as many reviews as the product with the most reviews,
its points for Reviews are 18 (weighting factor) * 80% = 14.4. For Average Rating, the maximum is 28 points, awarded linearly between ratings of 6 and 10
(6 or below = 0 points; 7.5 = 10.5 points; 9.0 = 21 points; 10 = 28 points), so the highest possible total is 4 * 18 + 28 = 100 points.
Products with fewer than ten reviews have their Average Rating and Words/Review points reduced: by one third for products with 5-9 reviews,
and by two thirds for products with fewer than five reviews. Reviews that are more than 24 months old,
as well as reviews written by resellers, are excluded from the ranking algorithm altogether.
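The scoring rules above, carried through in code as an added worked example. This is an illustrative reimplementation of the ranking as the page describes it, not IT Central Station's own code, and it makes a few assumptions the page does not spell out: "more than 24 months old" is approximated as 730 days, Views and Comparisons are supplied as plain counts, the leader in each area is determined from the raw metrics and the one-third/two-thirds reduction is then applied to a product's own Words/Review and Average Rating points, and the products, review counts and figures are constructed placeholders rather than real vendor data.

```python
"""Scoring model for the ranking described above (illustrative reimplementation)."""
from dataclasses import dataclass
from datetime import date, timedelta

# Weights from the page: 18 points each for Reviews, Words/Review, Views and
# Comparisons; 28 points for Average Rating, awarded linearly between 6 and 10.
COUNT_WEIGHT = 18
RATING_WEIGHT = 28
RATING_FLOOR, RATING_CEIL = 6.0, 10.0
COUNT_AREAS = ("reviews", "words_per_review", "views", "comparisons")
# "More than 24 months old" is approximated here as 730 days (assumption).
MAX_REVIEW_AGE = timedelta(days=730)


@dataclass
class Review:
    rating: float      # 1-10 rating given by the reviewer
    words: int         # length of the review text in words
    written: date
    reseller: bool = False


@dataclass
class Product:
    name: str
    reviews: list
    views: int         # page views, supplied as a plain count (assumption)
    comparisons: int   # comparison hits, supplied as a plain count (assumption)


def eligible_reviews(product, today):
    """Drop reseller reviews and reviews older than 24 months before counting."""
    cutoff = today - MAX_REVIEW_AGE
    return [r for r in product.reviews if not r.reseller and r.written >= cutoff]


def raw_metrics(product, today):
    """Per-area raw figures computed from the eligible reviews only."""
    revs = eligible_reviews(product, today)
    n = len(revs)
    return {
        "reviews": n,
        "words_per_review": sum(r.words for r in revs) / n if n else 0.0,
        "views": product.views,
        "comparisons": product.comparisons,
        "avg_rating": sum(r.rating for r in revs) / n if n else 0.0,
    }


def rating_points(avg_rating):
    """28 points spread linearly over 6..10; anything at or below 6 scores 0."""
    clamped = min(max(avg_rating, RATING_FLOOR), RATING_CEIL)
    return RATING_WEIGHT * (clamped - RATING_FLOOR) / (RATING_CEIL - RATING_FLOOR)


def sparse_review_factor(n_reviews):
    """Multiplier applied to Average Rating and Words/Review points for thin data."""
    if n_reviews >= 10:
        return 1.0
    if n_reviews >= 5:
        return 2 / 3          # one-third reduction for 5-9 reviews
    return 1 / 3              # two-thirds reduction for fewer than five


def score_products(products, today):
    """Return {name: (total, per-area points)} for every product."""
    metrics = {p.name: raw_metrics(p, today) for p in products}
    leaders = {a: max(m[a] for m in metrics.values()) for a in COUNT_AREAS}
    scores = {}
    for name, m in metrics.items():
        factor = sparse_review_factor(m["reviews"])
        # Proportional share of the 18 points relative to the leader in each area.
        pts = {a: COUNT_WEIGHT * (m[a] / leaders[a] if leaders[a] else 0.0)
               for a in COUNT_AREAS}
        pts["words_per_review"] *= factor
        pts["avg_rating"] = rating_points(m["avg_rating"]) * factor
        scores[name] = (sum(pts.values()), pts)
    return scores


def rank(products, today):
    """Product names ordered by total score, best first."""
    scores = score_products(products, today)
    return sorted(scores, key=lambda n: scores[n][0], reverse=True)


def _reviews(count, rating, words, written, reseller=False):
    return [Review(rating, words, written, reseller) for _ in range(count)]


# Constructed sample data (not real vendor figures); product names are placeholders.
TODAY = date(2020, 6, 1)
SAMPLE_PRODUCTS = [
    Product("Alpha",
            _reviews(12, 9.0, 100, date(2020, 1, 15))
            + _reviews(1, 10.0, 1000, date(2020, 1, 15), reseller=True)   # excluded
            + _reviews(1, 10.0, 1000, date(2017, 1, 15)),                 # too old
            views=1000, comparisons=200),
    Product("Beta", _reviews(6, 10.0, 200, date(2020, 3, 1)), views=500, comparisons=100),
    Product("Gamma", _reviews(3, 5.0, 50, date(2020, 3, 1)), views=250, comparisons=400),
]

if __name__ == "__main__":
    for name, (total, pts) in score_products(SAMPLE_PRODUCTS, TODAY).items():
        print(f"{name:6} {total:6.2f}  " + "  ".join(f"{a}={v:.1f}" for a, v in pts.items()))
```

With the sample data, Alpha leads in Reviews and Views, Beta leads in Words/Review and Gamma in Comparisons, yet Alpha wins with 75 of the possible 100 points: Beta's perfect 10 rating is cut by a third because it has only six eligible reviews, and Gamma's rating of 5 is below the 6-point floor and earns nothing. Note that Alpha's reseller review and its 2017 review never enter the averages at all.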