
Software Composition Analysis

From EverybodyWiki Bios & Wiki

Software Composition Analysis (SCA) comprises the set of tools that are used for securing open source software components. An outgrowth of application security, SCA identifies third-party and open source components that have been integrated into your applications.[1]

As opposed to testing tools such as Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST), which sift through proprietary code to seek out potential bugs and security flaws, SCA matches the open source components in the user’s inventory and products against known vulnerabilities that have been published in databases such as the National Vulnerability Database (NVD).[2]

Uses for SCA

  • Open Source Security - Alerts users to new vulnerabilities found in their inventory or products based on publications on security databases.
  • BoM - Detects all open source components in the user’s inventory, providing a detailed bill of materials for visibility and due diligence purposes.
  • Open Source License Management - Identifies the licenses associated with components, helping to maintain compliance with organizational policies.
  • Quality - Tracks how often projects receive new versions and commits, bug fixes, and other factors that can impact the quality of the project.
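As an added illustration (not part of the original article, nor the code of any SCA product), the script below performs the three checks described above on a constructed inventory: it matches each component against a constructed advisory feed whose records carry half-open affected ranges in the style of NVD/OSV data, flags licenses on an assumed organizational deny list, and emits a bill of materials. Every package name, version, advisory id and license is a placeholder.

```python
"""Minimal software-composition-analysis (SCA) pass over a dependency inventory."""

# Constructed inventory: (name, version, license). A real SCA tool derives this
# from lockfiles, package metadata or binary fingerprints.
INVENTORY = [
    ("libfoo", "1.4.2", "MIT"),
    ("barlib", "2.0.0", "GPL-3.0"),
    ("bazparser", "0.9.7", "Apache-2.0"),
]

# Constructed advisory feed with placeholder ids (not real CVEs). Each record
# gives the affected versions as [introduced, fixed), as OSV-style feeds do.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "libfoo", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "ADV-PLACEHOLDER-2", "package": "libfoo", "introduced": "2.0.0", "fixed": "2.1.0"},
    {"id": "ADV-PLACEHOLDER-3", "package": "bazparser", "introduced": "0.0.0", "fixed": "0.9.7"},
]

# Assumed organizational license policy: licenses that must be flagged for review.
DENIED_LICENSES = {"GPL-3.0", "AGPL-3.0"}


def parse_version(v: str) -> tuple:
    """Turn 'MAJOR.MINOR.PATCH' into a tuple of ints so 1.10.0 > 1.9.0 compares correctly."""
    return tuple(int(part) for part in v.split("."))


def affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed; the fixed version itself is clean."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def find_vulnerabilities(inventory, advisories) -> list:
    """Match every component against every advisory published for the same package."""
    hits = []
    for name, version, _license in inventory:
        for adv in advisories:
            if adv["package"] == name and affected(version, adv["introduced"], adv["fixed"]):
                hits.append((name, version, adv["id"], adv["fixed"]))
    return hits


def license_violations(inventory, denied=DENIED_LICENSES) -> list:
    """Components whose license is on the deny list."""
    return [(name, version, lic) for name, version, lic in inventory if lic in denied]


def bill_of_materials(inventory) -> list:
    """Flat BoM: name, version and license of every detected component."""
    return [{"name": n, "version": v, "license": lic} for n, v, lic in inventory]
```

Running the three functions over `INVENTORY` reports one vulnerable component (libfoo, with the fixed version to upgrade to), one license violation (barlib) and a three-entry BoM; bazparser is not reported because it already sits at the advisory's fixed version.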


This article "Software Composition Analysis" is from Wikipedia. The list of its authors can be seen in its history and/or on the page Edithistory:Software Composition Analysis. Articles copied from the Draft namespace on Wikipedia can be seen in the Draft namespace of Wikipedia and not the main one.
