The best Software Composition Analysis vendors are Sonatype Nexus Lifecycle, WhiteSource, Black Duck Hub, GitLab and Black Duck Protex.
Sonatype is the top solution according to IT Central Station reviews and rankings.
One reviewer writes: "Interactive view provides recommendations on particular versions or licenses needed", and another reviewer writes: "Delivers a huge reduction in development lifecycle duration; automatically blocks insecure open-source libraries".
The second-best product is WhiteSource. A user writes: "Helpful for compiling a list of our third-party libraries, but it needs a quality gate function", and another reviewer writes: "Deployment is easy: In 30 minutes, your product is analysed and the results are available."
See our free Buyer's Guide for Software Composition Analysis.