Testing Checked by Vezraa
Software Composition Analysis (SCA)
Automated analysis of open-source components for known vulnerabilities.
SCA tools scan your dependencies against CVE databases to identify known vulnerable packages, which makes them essential for managing supply chain risk. They also check license compliance. Tools like npm audit, Snyk, and GitHub Dependabot are common SCA implementations.
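The core matching step, as an added example that is not code from any of the tools named above: it walks an npm-style lockfile, including nested transitive copies, and compares each installed version against an advisory's vulnerable range. The package names, versions, advisory IDs and the feed format are constructed placeholders.

```javascript
// Added example: minimal SCA matcher. All package names, versions and
// advisory IDs below are constructed placeholders, not real advisories.
const lockfile = {              // shape of npm's package-lock.json (lockfileVersion 3)
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-parser": { version: "2.3.1" },
    "node_modules/example-http": { version: "4.0.0" },
    "node_modules/example-http/node_modules/example-parser": { version: "1.9.0" },
  },
};
const advisories = [            // constructed feed: vulnerable when introduced <= v < fixed
  { id: "ADVISORY-PLACEHOLDER-1", name: "example-parser", introduced: "1.0.0", fixed: "2.0.0" },
  { id: "ADVISORY-PLACEHOLDER-2", name: "example-http", introduced: "4.1.0", fixed: "4.1.5" },
];

// Compare plain MAJOR.MINOR.PATCH strings numerically (no pre-release tags).
// A string comparison would wrongly rank "1.10.0" below "1.9.0".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Walk every installed copy, including nested transitive ones, and report matches.
function findVulnerable(lock, feed) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue;                       // root project entry
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    for (const adv of feed) {
      if (adv.name === name &&
          compareVersions(meta.version, adv.introduced) >= 0 &&
          compareVersions(meta.version, adv.fixed) < 0) {
        findings.push({ id: adv.id, name, version: meta.version, path, fixedIn: adv.fixed });
      }
    }
  }
  return findings;
}

console.log(findVulnerable(lockfile, advisories));
```

The only finding is the nested example-parser 1.9.0 pulled in by example-http; the top-level 2.3.1 copy is outside the vulnerable range, which is why a scan has to cover the resolved dependency tree and not just the direct dependencies.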