SCA stands for Software Composition Analysis. The tool inventories the dependencies (third-party libraries) used by an application and evaluates their security against a database of known advisories.
The following languages and package managers are supported:

| Language | Package Manager | Total Advisories |
|----------|-----------------|------------------|
| Java | Maven, Gradle, SBT | 10432 |
In addition to these, the tool also searches for vulnerabilities in GitHub Actions dependencies (the actions referenced from workflow files).
The SCA analysis checks that the application complies with the following rules:

- Use components with minimal dependencies
- Verify all third-party components for security risks
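To make the analysis concrete, the following added example (not code from the tool or the page) shows the two steps an SCA check performs: extracting dependency coordinates from a manifest and matching them against advisory data. It parses a constructed Maven `pom.xml`, extracts `uses:` references from a constructed GitHub Actions workflow, and compares both against a constructed advisory table whose `HYPO-*` identifiers are placeholders, not real advisories. As an extra check beyond what the page describes, it also flags actions that are pinned to a tag or branch rather than a commit SHA, since a mutable ref can be repointed at different code after review.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml with two dependencies (not from the page).
POM_XML = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>widget-core</artifactId>
      <version>2.3.1</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>widget-extras</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>
"""

# Constructed GitHub Actions workflow: one tag ref, one SHA ref, one branch ref.
WORKFLOW_YAML = """name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@8f1c2e9d3b4a5f6e7d8c9b0a1f2e3d4c5b6a7f8e
      - uses: example-org/other-action@main
"""

# Constructed advisory table. The HYPO-* ids are hypothetical placeholders.
ADVISORIES = {
    "maven": [
        {"id": "HYPO-0001", "group": "org.example", "artifact": "widget-core",
         "fixed_in": (2, 3, 4)},  # every version below 2.3.4 is affected
    ],
    "github-actions": [
        {"id": "HYPO-0002", "action": "example-org/other-action"},
    ],
}

MAVEN_NS = "{http://maven.apache.org/POM/4.0.0}"
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_version(text):
    """Turn '2.3.1' or '2.3.1-SNAPSHOT' into a comparable tuple (2, 3, 1)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def parse_pom(xml_text):
    """Return (groupId, artifactId, version) for each declared dependency."""
    root = ET.fromstring(xml_text)
    deps = []
    for dep in root.iter(MAVEN_NS + "dependency"):
        deps.append((dep.findtext(MAVEN_NS + "groupId"),
                     dep.findtext(MAVEN_NS + "artifactId"),
                     dep.findtext(MAVEN_NS + "version")))  # None if managed by a BOM
    return deps


def parse_workflow_uses(yaml_text):
    """Return (action, ref) for every 'uses: owner/repo@ref' line."""
    return USES_RE.findall(yaml_text)


def is_pinned_to_sha(ref):
    """A 40-hex-digit ref is an immutable commit pin; tags and branches are not."""
    return bool(SHA_RE.match(ref))


def run_sca(pom_xml, workflow_yaml, advisories):
    """Match manifests against the advisory table and return a list of findings."""
    findings = []
    for group, artifact, version in parse_pom(pom_xml):
        for adv in advisories["maven"]:
            if (group, artifact) != (adv["group"], adv["artifact"]):
                continue
            # An unresolved version cannot be cleared, so report it for review.
            if version is None or parse_version(version) < adv["fixed_in"]:
                findings.append({"kind": "advisory", "id": adv["id"],
                                 "component": f"{group}:{artifact}:{version}"})
    for action, ref in parse_workflow_uses(workflow_yaml):
        for adv in advisories["github-actions"]:
            if action == adv["action"]:
                findings.append({"kind": "advisory", "id": adv["id"],
                                 "component": f"{action}@{ref}"})
        if not is_pinned_to_sha(ref):
            findings.append({"kind": "unpinned", "id": None,
                             "component": f"{action}@{ref}"})
    return findings


if __name__ == "__main__":
    for f in run_sca(POM_XML, WORKFLOW_YAML, ADVISORIES):
        print(f["kind"], f["id"] or "-", f["component"])
```

A real advisory database carries version ranges per advisory rather than a single fixed version, and a real Maven scan resolves the transitive tree (for example from `mvn dependency:tree`) rather than only the direct dependencies in `pom.xml`; the matching logic stays the same.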