
Software Composition Analysis
Best SonarSource Advanced Security alternatives & competitors
17 active tools in the same primary category—including BoostSecurity Software Supply Chain Protection, DeepSource SCA, Flyingduck Secure Every Commit, and 14 more. Open any row for the full SecurityListing profile, pricing context, and reviews.
All 17 alternatives
BoostSecurity Software Supply Chain Protection
BoostSecurity Software Supply Chain Protection on SecurityListing: Software supply chain security platform for SDLC infrastructure protection
Software Composition Analysis | 4.5★ (3 reviews)
DeepSource SCA
DeepSource SCA on SecurityListing: SCA platform with reachability analysis, AI-powered fixes, and license compliance
Software Composition Analysis | 4.5★ (1 review)
Flyingduck Secure Every Commit
Flyingduck Secure Every Commit on SecurityListing: Commit-level code security scanning for vulnerabilities, secrets, and licenses
Software Composition Analysis | 4.5★ (1 review)
Raven Runtime Prevention
Raven Runtime Prevention on SecurityListing: Runtime protection preventing supply-chain attacks & exploits via library-level policies
Software Composition Analysis | 4.5★ (1 review)
Finite State Platform
Finite State Platform on SecurityListing: Platform for vulnerability detection in firmware, binaries, and SBOMs
Software Composition Analysis | 4.5★ (1 review)
Phylum
Phylum on SecurityListing: Identifies 137 malicious npm packages and gathers system information to a remote server.
Software Composition Analysis | 4.5★ (1 review)
FossID Software Composition Analysis
FossID Software Composition Analysis on SecurityListing: SCA tool for code scanning, license identification, and SBOM generation
Software Composition Analysis | 4.5★ (1 review)
Endor Labs Application Security
Endor Labs Application Security on SecurityListing: AI-powered AppSec platform for code, dependencies, and container security
Software Composition Analysis | 4.3★ (2 reviews)
pac-resolver
pac-resolver on SecurityListing: Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
Software Composition Analysis | 3.8★ (1 review)
Flyingduck Code Security Intelligence
Flyingduck Code Security Intelligence on SecurityListing: SAST tool that detects logical flaws and business logic vulnerabilities
Software Composition Analysis | 3.8★ (1 review)
Wiz Unified Security
Wiz Unified Security on SecurityListing: Unified security platform for code, CI/CD, and cloud environments
Software Composition Analysis
Raven Runtime SCA
Raven Runtime SCA on SecurityListing: Runtime SCA tool that identifies exploitable vulnerabilities in cloud environments
Software Composition Analysis
MergeBase Software Composition Analysis
MergeBase Software Composition Analysis on SecurityListing: SCA platform for managing open source vulnerabilities across SDLC
Software Composition Analysis
The Code Registry Application & Supply Chain Security
The Code Registry Application & Supply Chain Security on SecurityListing: AI-driven app & supply chain security platform with SBOM generation & scanning
Software Composition Analysis
Flyingduck Comprehensive SBOM Management
Flyingduck Comprehensive SBOM Management on SecurityListing: SBOM management platform for tracking dependencies and vulnerabilities
Software Composition Analysis
Kodem Zero-waste Application Security
Kodem Zero-waste Application Security on SecurityListing: AI-native AppSec platform for code-to-runtime security with automated triaging
Software Composition Analysis
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus on SecurityListing: A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
Software Composition Analysis
FAQ
- Are these “official” vendor pairings?
- No—alternatives are category peers for discovery, not paid placements. Vendors can still claim profiles and respond to reviews on their product pages.
- Why is my favorite tool missing?
- Only ACTIVE listings in the same primary category appear. Multi-category products may move when their primary category is updated.