Top 12 Open-Source Alternatives to Black Duck Software Composition Analysis

Black Duck Software Composition Analysis

Black Duck Software Composition Analysis (SCA) provides a solution for managing open source security, quality, and license compliance risks that comes from the use of open source and third-party code.

Product categories

Clean Code Code Analysis Code Coverage Code Quality Code Review Continuous Deployment Continuous Integration DevOps Tools DevSecOps Open Source Security Web Application Security

Summary

The top open-source alternatives to Black Duck Software Composition Analysis are Snyk, SonarQube, and FOSSA. One of the criteria for ordering this list is the number of mentions that products have on reliable external sources. You can suggest additional sources through the form here.

Snyk Landing Page
1

Snyk

Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.
Pricing:
- Open Source
#Security #Security Monitoring #Security CI 85 social mentions
SonarQube Landing Page
2

SonarQube

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.
Pricing:
- Open Source
- Freemium
- Free Trial
- $150.0 / Annually
#Code Analysis #Code Review #Code Coverage 1 social mentions
FOSSA Landing Page
3

FOSSA

Open source license compliance and dependency analysis
Pricing:
- Open Source
#Security #Code Analysis #Web Application Security 7 social mentions
OWASP Dependency-Track Landing Page
4

OWASP Dependency-Track

OWASP Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows...
Pricing:
- Open Source
#Security #Code Analysis #Security & Privacy 19 social mentions
Dependency-Check Landing Page
5

DC

Dependency-Check

Dependency-Check is a utility that identifies project dependencies and checks if there are any...
Pricing:
- Open Source
#Security #Code Analysis #Web Application Security 16 social mentions
Cppcheck Landing Page
6

Cppcheck

Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives. CppCheckDownload cppcheck for free.
Pricing:
- Open Source
#Code Analysis #Code Coverage #Development 10 social mentions
Sysdig Landing Page
7

Sysdig

Sysdig is an open source, system-level exploration that capture system state and activity from a running Linux instance, then save, filter and analyze.
Pricing:
- Open Source
#Security #Monitoring Tools #Developer Tools 2 social mentions
Jenkins Landing Page
8

Jenkins

Jenkins is an open-source continuous integration server with 300+ plugins to support all kinds of software development
Pricing:
- Open Source
#DevOps Tools #Continuous Integration #Continuous Deployment 6 social mentions
JaCoCo Landing Page
9

JaCoCo

JaCoCo is a free Java code coverage library.
Pricing:
- Open Source
#Code Coverage #Code Analysis #Code Quality
Closure Compiler Landing Page
10

Closure Compiler

The Closure Compiler is a tool for making JavaScript download and run faster.
Pricing:
- Open Source
#Web Application Bundler #Tool #Code Analysis 10 social mentions
StyleCop Landing Page
11

StyleCop

Analyzes C# source code to enforce a set of style and consistency rules. - StyleCop/StyleCop
Pricing:
- Open Source
#Code Analysis #Code Coverage #Code Review
SpotBugs Landing Page
12

SpotBugs

Static Application Security Testing (SAST)
Pricing:
- Open Source
#Code Analysis #Code Review #Web Application Security 4 social mentions