Compare FOSSA vs. Veracode Software Composition Analysis
FOSSA is ranked 9th in Software Composition Analysis (SCA) while Veracode Software Composition Analysis is ranked 6th in Software Composition Analysis (SCA) with 4 reviews. FOSSA is rated 0, while Veracode Software Composition Analysis is rated 7.2. On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Enables us to identify potential problems in applications and fix them before they are used in ways they should not be but has false positives". FOSSA is most compared with Black Duck , WhiteSource and Snyk, whereas Veracode Software Composition Analysis is most compared with Black Duck , JFrog Xray and Sonatype Nexus Lifecycle.
 |
Most Helpful Review | |||
Use FOSSA? Share your opinion. |
| ||
 Find out what your peers are saying about Sonatype, WhiteSource, Synopsys and others in Software Composition Analysis (SCA). Updated: March 2020. 406,607 professionals have used our research since 2012. | |||
Quotes From Members
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pricing and Cost Advice | |
Information Not Available | Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support. |
 Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs. 406,607 professionals have used our research since 2012. | |
Ranking  | |
Views 601 Comparisons 526 Reviews 0 Average Words per Review 0 Avg. Rating N/A | Views 1,967 Comparisons 1,748 Reviews 4 Average Words per Review 642 Avg. Rating 7.3 |
Top Comparisons | |
 Compared 43% of the time.  Compared 22% of the time.  Compared 20% of the time. | Compared 47% of the time.  Compared 17% of the time.  Compared 12% of the time. |
Also Known As | |
| Veracode SCA, SourceClear | |
Learn | |
| FOSSA Video Not Available | Veracode Video Not Available |
Overview | |
Open Source has become the critical supplier for modern software companies, changing everything about how people think about their code. FOSSA builds the infrastructure for modern teams to be successful with open source. FOSSA's flagship product helps teams track the open source used in their code and automate license scanning and compliance. Since then, over 3000 open source projects (Kubernetes, Webpack, Terraform, ESLint) and companies (Docker, Tesla, Mapbox, Hashicorp) rely on FOSSA's tools to ship software. If you are in the software industry today, you're now using code that runs FOSSA. | Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance. |
Offer | |
Learn more about FOSSA | Learn more about Veracode Software Composition Analysis |
Sample Customers | |
| Applause, JS Foundation, SmartThings | Information Not Available |
Top Industries | |
No Data Available | Software R&D Company51% Comms Service Provider11% Government8% Retailer7% |
Find out what your peers are saying about Sonatype, WhiteSource, Synopsys and others in Software Composition Analysis (SCA). Updated: March 2020.
406,607 professionals have used our research since 2012.
See also FOSSA Reviews, Veracode Software Composition Analysis Reviews, and our list of Best Software Composition Analysis (SCA) Companies.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post
reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference
with LinkedIn, and personal follow-up with the reviewer when necessary.