The Forrester Wave: Software Composition Analysis, 2019

Forrester states that one in eight open source component downloads contained a known security vulnerability, and that security pros now have less time to identify and remediate them. To keep up, a software composition analysis (SCA) solution is necessary. This report identifies the 10 most significant SCA providers (Flexera, FOSSA, GitLab, JFrog, Snyk, Sonatype, Synopsys, Veracode, WhiteHat Security and WhiteSource) and shows how each provider measures up, helping security professionals select the right one for their needs.