SCA Integrations — Dependency & Container Scanning
Vulnerable dependencies are the fastest-growing share of most backlogs. Centraleyezer ingests SCA results from Trivy and Mend.io (WhiteSource) — CVEs in OS packages and language libraries, with installed and fixed versions preserved — so dependency risk is tracked, assigned and verified like every other finding instead of living in a separate report.
Trivy
Aqua Trivy open-source scanner for container images, filesystems, and IaC. JSON import covering OS packages and language library vulnerabilities.
Integration guideSnyk Code
Snyk SAST and SCA findings import covering static code analysis (Snyk Code) and open-source dependency vulnerabilities (Snyk Open Source).
Mend.io (WhiteSource)
Mend.io (formerly WhiteSource) open-source vulnerability findings. JSON export import for centralised dependency risk tracking.
Integration guideOWASP Dependency-Check
OWASP Dependency-Check open-source SCA findings covering known vulnerable libraries in Java, .NET, Python, Node.js, and more.
Black Duck (Synopsys)
Synopsys Black Duck SCA findings for open-source component vulnerabilities and licence risk across all major package managers.
JFrog Xray
JFrog Xray SCA and container security findings — covers binary components, Docker layers, and artefact dependencies across JFrog Artifactory.