← Cybersecurity Alphabet Soup

SCA

Software Composition Analysis

appsecmedium

SCA tools inventory the open source libraries and other third-party components inside an application, then flag known vulnerabilities and license risks in those dependencies. Since most modern codebases are largely made of open source, a single outdated library can expose the whole app, as incidents like Log4Shell showed. SCA typically runs in CI on every build so risky dependencies are caught before release.

Sources

More in appsec