Looking for a solution that can automate the following....

Right now we have a highly manual process for reviewing/approving COTS applications before they are added to golden images and/or approved for distribution. We manually load the apps in a sandbox environment, manually review the DLLs that are changed on install, manually monitor the the traffic and look for any unusual outbound/inbound connections. This is all highly time consuming (very inefficient) and the quality of the review is subject to the level of precision provided by the person testing the COTS application at any given time (highly variable).

Ideally we'd like to find something that can automate all of that - improving consistency, thoroughness, and efficiency. We'd like to find something that automates all the checks we are currently doing manually, while interfacing with known bad IP address lists, threat intel, etc. to automatically flag risky behaviors for the apps and establish a security score.

Anyone have any recommendations on solutions we should consider? We are an enterprise shop - 30,000 users.

Reiterating that this is for COTS and COTS only. We have SCA, SAST, DAST in our custom application development environment.