![FlexNet Code Insight vs. Sentinel SCA [EOL] report](https://www.peerspot.com/assets/media/images/icons/pdf-80836ec5.svg){kind=icon}
![Sentinel SCA [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_64/my0agrr7cdqdu1yinxwkgywuehxt.jpg?_a=BACAGSDL)
![Sentinel SCA [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/my0agrr7cdqdu1yinxwkgywuehxt.jpg?_a=BACAGSDL){kind=small}
![Sentinel SCA [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_40/my0agrr7cdqdu1yinxwkgywuehxt.jpg?_a=BACAGSDL){kind=small}
Due to the "snippet match" nature of the scans, we found that it was too much effort to properly validate and catalog each open source component with every new project/product. Incremental results were also difficult to achieve even after consulting with the vendor. We found there were too many false positives and the code-snippet validator had bugs and presented too many false positives. My experience with this tool has turned me away from "snippet"-focused composition analysis. We have switched to one that uses more complete code signatures that do not require validation and review of findings in most cases.
![Sonatype Lifecycle vs Sentinel SCA [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/oNyXq7zCCxXF9TE6S5F9W5jG.png?_a=BACAGSDL){kind=small}
