PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews for the Top 5 Software Composition Analysis (SCA) Solutions to help you decide which solution is best for you.
Users compare and give feedback on the best Software Composition Analysis (SCA) Solutions that they’ve used — based on product reviews, ratings, and comparisons.
#1 Snyk
Snyk was ranked as the #1 Software Composition Analysis (SCA) Solution for 2022. PeerSpot users give Snyk an average rating of 8 out of 10.
PeerSpot user Nicholas S., Information Security Officer at a tech services company, says, "The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
Cameron G., Security Software Engineer at a tech company, mentions, "The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
A VP of Engineering at a tech vendor comments, "We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
#2 Sonatype Nexus Lifecycle
Sonatype Nexus Lifecycle was ranked as the #2 Software Composition Analysis (SCA) Solution for 2022. PeerSpot users give Sonatype Nexus Lifecycle an average rating of 8 out of 10.
A Senior Architect at an insurance company explains, "We really like the Nexus Firewall. There are increasing threats from npm, rogue components, and we've been able to leverage protection there. We also really like being able to know which of our apps has known vulnerabilities."
PeerSpot user Shubham S., Engineering Tools and Platform Manager at British Telecom, states, “Its engine itself is most valuable in terms of the way it calculates and decides whether a security vulnerability exists or not. That's the most important thing. Its security is also pretty good, and its listing about the severities is also good. The plugins that are there on the editor are also valuable. Engineers don't have to wait for the entire pipeline to go in and show some results. While they are writing code, it can stop them from writing something that might end up as a security vulnerability.”
Austin B., Enterprise Infrastrcture Architect at Qrypt, comments, "When I started to install the Nexus products and started to integrate them into our development cycle, it helped us construct or fill out our development process in general. The build stage is a really good template for us and it helped establish a structure that we could build our whole continuous integration and development process around. Now our git repos are tagged for different build stages data, staging, and for release. That aligns with the Nexus Lifecycle build stages."
#3 GitLab
GitLab was ranked as the #3 Software Composition Analysis (SCA) Solution for 2022. PeerSpot users give GitLab an average rating of 8 out of 10.
Ramesh P., System and Storage Engineer at Harsco Corporation, says, "We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
A Technical Lead at a mining and metals company mentions that the solution has a “Helpful interface, facilitates peer code reviews, and the continuous integration features are good.”
A. Partenaire, CEO at a tech services company, explains, “The most valuable feature of GitLab is the level of control that it offers. I have more control over everything.”
A PeerSpot user at a real estate/law firm states, “GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable.”
#4 WhiteSource
WhiteSource was ranked as the #4 Software Composition Analysis (SCA) Solution for 2022. PeerSpot users give WhiteSource an average rating of 8 out of 10.
PeerSpot user Shashidhar G., Program and Portfolio Management at Acceldata, says, "We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
Alon M., Founder & CEO at Data+, mentions, The most valuable features for us are:
One, fix suggestions. Our dev team uses the fix suggestions feature to quickly find the best path for remediation. Before that you would have to research online for fixes, and most of the time it’s not that straightforward. Two, trace analysis. Trace analysis enables our team to get the fix, including a clear path to the vulnerable method. This saves quite some time. And three, open-source inventory reports. These reports are easy to manage and provide a clear view of our open-source assets. There’s also an option to create policies around that.”
A Principal Software Architect at a tech services company explains, “The solution boasts a broad range of features and covers much of what an ideal SCA tool should. It covers the containers. One can create his teams and, should he encounter an issue, send an alert to the team's DL.”
#5 FOSSA
FOSSA was ranked as the #5 Software Composition Analysis (SCA) Solution for 2022. PeerSpot users give FOSSA an average rating of 8 out of 10.
Brett F., Manager of Open Source Program Office at a financial services firm, says, "The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components."
Patrick L., Associate General Counsel at Circleci, comments, "FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."
