
Core Concepts

What is Software Composition Analysis (SCA)?

Software Composition Analysis (SCA) is the automated process of assessing and managing third-party components in a software application. It aims to improve the security and compliance of the software supply chain by addressing potential vulnerabilities in third-party dependencies and monitoring their associated licenses.

Why should you implement SCA?

SCA is an essential part of securing your software development lifecycle. It helps you with:

  • Identifying dependencies: Inventory every direct and transitive dependency used in your software and track the information attached to each one, such as its version and license.
  • Continuously identifying and mitigating dependency vulnerabilities: Detect and fix vulnerabilities whenever a new CVE is disclosed or a new dependency is added, from direct dependencies down to nested transitive ones.
  • Applying a shift-left strategy: Catch vulnerable dependencies as early as possible in the development process, reducing both the risk and the cost of remediation.
  • Ensuring legal compliance: Manage your open-source licenses to avoid license violations.
  • Meeting regulatory requirements: Comply with industry regulations and standards by producing Software Bills of Materials (SBOMs).
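To make the three mechanisms above concrete (inventorying direct and transitive dependencies, matching installed versions against advisories, and emitting an SBOM), here is an added Python illustration of a minimal SCA pass. It is not GitGuardian's code. The lockfile, the package names and the `EXAMPLE-…` advisory IDs are all constructed for this example, and the version-range check is a simplified OSV-style `introduced`/`fixed` comparison that ignores prerelease tags.

```python
"""Minimal SCA pass: inventory a lockfile, separate direct from transitive
dependencies, match versions against advisories, emit a CycloneDX-style SBOM.
Added illustration only; not GitGuardian code."""
import json
from typing import Dict, List, Optional, Tuple

# Constructed package-lock.json (lockfileVersion 3 layout, fictional packages).
# The root declares only web-kit and util-lib; arg-parse arrives transitively
# through web-kit -> body-read -> arg-parse.
LOCKFILE_JSON = """{
  "name": "demo-app", "version": "1.0.0", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"web-kit": "^4.17.0", "util-lib": "^4.17.0"}},
    "node_modules/web-kit":   {"version": "4.17.1", "license": "MIT",
                               "dependencies": {"body-read": "^1.19.0"}},
    "node_modules/body-read": {"version": "1.19.0", "license": "MIT",
                               "dependencies": {"arg-parse": "^1.2.0"}},
    "node_modules/arg-parse": {"version": "1.2.0", "license": "MIT"},
    "node_modules/util-lib":  {"version": "4.17.15", "license": "MIT"}
  }
}"""

# Constructed advisories with hypothetical IDs, shaped after OSV's
# introduced/fixed version events (a missing "fixed" means still unpatched).
ADVISORIES = [
    {"id": "EXAMPLE-2020-0001", "package": "arg-parse",
     "introduced": "0.0.0", "fixed": "1.2.3", "severity": "MEDIUM"},
    {"id": "EXAMPLE-2020-0002", "package": "util-lib",
     "introduced": "0.0.0", "fixed": "4.17.19", "severity": "HIGH"},
    {"id": "EXAMPLE-2021-0003", "package": "web-kit",          # out of range
     "introduced": "5.0.0", "fixed": "5.0.1", "severity": "LOW"},
]

def semver_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key for MAJOR.MINOR.PATCH; prerelease/build suffixes dropped."""
    core = version.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))

def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """OSV semantics: affected if introduced <= version < fixed."""
    v = semver_key(version)
    if v < semver_key(introduced):
        return False
    return fixed is None or v < semver_key(fixed)

def inventory(lock: dict) -> Dict[str, dict]:
    """Map package name -> version, license and declared dependency names."""
    inv = {}
    for path, meta in lock["packages"].items():
        if path == "":
            continue                                   # root package itself
        name = path.split("node_modules/")[-1]         # last segment handles nesting
        inv[name] = {"version": meta["version"],
                     "license": meta.get("license", "UNKNOWN"),
                     "deps": list(meta.get("dependencies", {}))}
    return inv

def dependency_paths(lock: dict, inv: Dict[str, dict]) -> Dict[str, List[str]]:
    """Shortest chain from the root to each package (BFS): length 1 = direct."""
    paths: Dict[str, List[str]] = {}
    queue = [(n, [n]) for n in lock["packages"][""].get("dependencies", {})]
    while queue:
        name, chain = queue.pop(0)
        if name in paths or name not in inv:
            continue
        paths[name] = chain
        queue.extend((child, chain + [child]) for child in inv[name]["deps"])
    return paths

def find_vulnerabilities(inv, paths, advisories) -> List[dict]:
    """Match installed versions against advisory ranges; keep the chain so
    remediation can target the direct dependency that pulls the package in."""
    findings = []
    for adv in advisories:
        pkg = inv.get(adv["package"])
        if pkg and is_affected(pkg["version"], adv["introduced"], adv.get("fixed")):
            chain = paths.get(adv["package"], [adv["package"]])
            findings.append({"id": adv["id"], "package": adv["package"],
                             "version": pkg["version"], "fixed_in": adv.get("fixed"),
                             "severity": adv["severity"], "direct": len(chain) == 1,
                             "chain": " -> ".join(chain)})
    return findings

def build_sbom(lock: dict, inv, paths) -> dict:
    """CycloneDX-shaped SBOM with package URLs (purl) so consumers can re-match."""
    root = lock["packages"][""]
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "application",
                                       "name": root["name"], "version": root["version"]}},
            "components": [{"type": "library", "name": n, "version": m["version"],
                            "purl": f"pkg:npm/{n}@{m['version']}",
                            "licenses": [{"license": {"id": m["license"]}}],
                            "properties": [{"name": "scope", "value":
                                            "direct" if len(paths.get(n, [])) == 1 else "transitive"}]}
                           for n, m in sorted(inv.items())]}

def run_sca(lockfile_json: str = LOCKFILE_JSON, advisories=ADVISORIES):
    lock = json.loads(lockfile_json)
    inv = inventory(lock)
    paths = dependency_paths(lock, inv)
    return find_vulnerabilities(inv, paths, advisories), build_sbom(lock, inv, paths)

if __name__ == "__main__":
    findings, sbom = run_sca()
    for f in findings:
        print(f"{f['severity']:6} {f['id']} {f['package']}@{f['version']} "
              f"(fixed in {f['fixed_in']}) via {f['chain']}")
    print(json.dumps(sbom, indent=2))
```

Two points of the design carry over to any real SCA tool: the dependency chain is recorded with each finding because a vulnerable transitive package can usually only be fixed by upgrading the direct dependency that pulls it in, and the SBOM carries purls and a direct/transitive scope so that a downstream consumer can re-run the advisory match when a new CVE is published without re-resolving the project.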

Views overview

GitGuardian SCA provides a set of views that give you a clear inventory of your sources, dependencies, and vulnerabilities:

  • The Incidents view gives a detailed and comprehensive list of the vulnerabilities introduced by the third-party components in your sources.
  • The Sources view lists all the monitored sources from your integrated Version Control System.
  • The Dependencies view lists all third-party dependencies discovered from your sources, along with their version and associated licenses.
  • The Analytics view helps you track your performance in remediating triggered incidents.

Each feature available in these views is detailed in the following sections.
