Software Composition Analysis (SCA) Questions
Rendra Kurniawan, SFC.,CMPM
User
Feb 11 2021

Dear All, 

Can you suggest 2 or 3 products that could compete with:

1. Fortify WebInspect 

2. Fortify Static Code Analyzer

I need suggestions for similar products so I could compare for my consultant project. 
Thanks in advance for the advice.

Regards

Russell RothsteinAccording to the IT Central Station community, the most popular alternatives to… more »
Oscar Van Der MeerFortify Static Code Analyzer is actually NOT an SCA (Software Composition… more »
Thomas RyanRendra,  You need to ask yourself a few questions:  1. Do I know is the… more »
Rony_Sklar
IT Central Station

What are the different types of tools that should be used together in DevSecOps?

What are the specific tools that you like to use when working on your DevSecOps pipeline? 

What is essential, and what is a nice-to-have? 

Jeremy VaughanDepends on budget and the larger approach to security, compliance, and risk… more »
Rony_Sklar
IT Central Station

What are some best practices for reducing OSS vulnerabilities?

Meng Chen
Student at Syracuse University

What are the main differences between Black Duck and Veracode for Software Composition Analysis (SCA)?

Oscar Van Der MeerClients that have benchmarked our solution against both BlackDuck and Veracode… more »
Bruno SchiavettiIt really comes down to what your expectations are. Blackduck has the ability to… more »