FlexNet Code Insight Room for Improvement
it_user1061121
Works
Due to the "snippet match" nature of the scans, we found that it was too much effort to properly validate and catalog each open source component with every new project/product. Incremental results were also difficult to achieve even after consulting with the vendor. We found there were too many false positives and the code-snippet validator had bugs and presented too many false positives.
My experience with this tool has turned me away from "snippet"-focused composition analysis. We have switched to one that uses more complete code signatures that do not require validation and review of findings in most cases.
Buyer's Guide
Software Composition Analysis (SCA)
April 2024
Find out what your peers are saying about Revenera, Synopsys, Mend.io and others in Software Composition Analysis (SCA). Updated: April 2024.
767,847 professionals have used our research since 2012.
Buyer's Guide
Download our free Software Composition Analysis (SCA) Report and find out what your peers are saying about Revenera, Synopsys, Mend.io, and more!
Updated: April 2024
Product Categories
Software Composition Analysis (SCA)Popular Comparisons
Veracode
Black Duck
Buyer's Guide
Download our free Software Composition Analysis (SCA) Report and find out what your peers are saying about Revenera, Synopsys, Mend.io, and more!
Quick Links
Learn More: Questions:
- What tools do you rely on for building a DevSecOps pipeline?
- What alternatives are there for Fortify WebInspect and Fortify SCA?
- What is the best way to track open-source license compatibility?
- Differences between Black Duck & Veracode
- What SCA solution do you recommend?
- What is the best way to shift left when developing software?
- What can help if my open-source usage is out of control?
- Is there an SCA solution that finds and fixes vulnerabilities?
- Can I get SCA in my IDE?
- How long does SCA scanning take?
