Open Source Java Code Vulnerability Tool
Hello,
We are looking for a product that would scan our Java application and identify all known published open-source code vulnerabilities.
I found one such tool, and we are in the process of evaluating it:
Sonatype Application Health Check
http://www.sonatype.com/Products/Application-Health-Check
Another more expensive product is HP Fortify:
http://www8.hp.com/us/en/software-solutions/software.html?compURI=1337262
I wanted to reach out to the community to see if anyone has used any such product.
Thanks,
Vlad