A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools and tutorials. SCA is a technique to find third party vulnerable components used in your code.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
- Books
- Articles
- Courses
- Free Tools
- Commercial Tools
- Vulnerability Databases
- References
- Credits
- Contributing
- Securing Open Source Libraries By Guy Podjarny
Courses/videos on SCA.
Client Side Libraries:
Backend Libraries:
- dotnet CLI
- Dependancy-Check
- WhiteSource Bolt (Free offering that currently works within Azure DevOps or GitHub)
Most commercial SCA tools support multiple programming languages like Java, Python, Ruby, Go, PHP,.NET,Scala and license scans.
- National Vulnerability Database
- Snyk Vulnerabilitydb
- VulnDB Data Mirror
- NIST Data Mirror
- Exploit Database
- Vulert Vulnerability Database
- Debricked Vulnerability Database
- This repo is based on the original work done by our friend @raghunath24
Please refer the guidelines at contributing.md for details.