Gemnasium vs FOSSA Comparison | StackShare | StackShare

FOSSA vs Gemnasium

Overview

Gemnasium

Stacks8

Followers16

Votes0

FOSSA

Stacks29

Followers37

Votes4

GitHub Stars1.4K

Forks185

FOSSA vs Gemnasium: What are the differences?

FOSSA: Continuously scan and comply with open source licenses across your deep dependencies. Continuously scan and comply with open source licenses across your deep dependencies; Gemnasium: Parses your project's dependencies and notifies you when new versions are released or they need to be updated. Gemnasium keeps track of projects dependencies. Ruby, Node.js, PHP composer, Bower and Python projects dependencies are automatically parsed, and notifications sent when new versions are released or security advisories are published.

FOSSA and Gemnasium can be primarily classified as "Dependency Monitoring" tools.

FOSSA is an open source tool with 678 GitHub stars and 58 GitHub forks. Here's a link to FOSSA's open source repository on GitHub.

Detailed Comparison

Gemnasium	FOSSA
Gemnasium keeps track of projects dependencies. Ruby, Node.js, PHP composer, Bower and Python projects dependencies are automatically parsed, and notifications sent when new versions are released or security advisories are published.	Stop vulnerabilities, automate compliance, and mitigate third-party risk in your applications
Know about security vulnerabilities affecting your code ;Know when new versions of your dependencies gets released; Know what changed with integrated changelogs	-
Statistics
GitHub Stars -	GitHub Stars 1.4K
GitHub Forks -	GitHub Forks 185
Stacks 8	Stacks 29
Followers 16	Followers 37
Votes 0	Votes 4
Pros & Cons
No community feedback yet	Pros 1 Easy to integrate 1 Fewer false positives 1 Native to CI 1 Supports full text license scanning
Integrations
Ruby npm Python PHP Bower Yarn	Yarn .NET Core Android OS Travis CI Bitbucket Buck Clojure Haskell SBT Python

What are some alternatives to Gemnasium, FOSSA?

Snyk

Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform

Dependabot

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases.

AutoFac

It is an addictive Inversion of Control container for .NET Core, ASP.NET Core, .NET 4.5.1+, Universal Windows apps, and more. It provides activation events to let you know when components are being activated or released, allowing for a lot of customization with little code.

GreenKeeper

Real-time monitoring for npm dependencies. Let a bot send you informative and actionable issues so you can easily keep your software up to date and in working condition.

WhiteSource

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

Aikido Security

It is a developer-first software security app. It scans your source code & cloud to show you which vulnerabilities are actually important to solve. We speed up triaging by massively reducing false positives and making CVEs human-readable.

Tidelift

Automatic compliance testing for all of the dependencies in your application.

Doppins

Doppins creates informative pull requests and commit messages in a timely fashion, and includes a changelog for the released version if available.

GuardRails

Makes open-source security tools easily available in your Pull Requests. Continuously identifies security problems in your codebase and helps you fix them.