Is it duplication if I use both the Checkmarx and Whitesource tools for third-party code scanning to find vulnerabilities?
If they are not the same, then how are they different when it comes to scanning third-party code?
I tried to scan third-party code with both tools and saw that Checkmarx found many vulnerabilities, whereas Whitesource found only vulnerabilities that are publicly known (vulnerabilities having a CVE number).
Does this mean that if you want to find known vulnerabilities you should use Whitesource, and if you want to find both known and unknown vulnerabilities you should use Checkmarx?