An open guide to evaluating software composition analysis tools

With the help of software composition analysis (SCA) tools, software development teams can track and analyze any open source code brought into a project from a licensing-compliance and security-vulnerability perspective. Such tools discover open source code at varying levels of detail and capability: its direct and indirect dependencies, the licenses in effect, and the presence of any known security vulnerabilities and potential exploits. Several companies provide SCA suites, open source tools, and related services driven as community projects. The question of which tool is most suitable for a specific usage model and environment always comes up, and it is difficult to answer given the lack of a standard method to compare and evaluate such tools.

The goal of this paper is to recommend a series of comparative metrics when evaluating multiple SCA tools.

The post An open guide to evaluating software composition analysis tools appeared first on The Linux Foundation.
