D4 · Operations

What is Software Composition Analysis (SCA)?

SCA automatically identifies open-source libraries and third-party components in code, mapping them against CVE databases to detect vulnerable dependencies.
Most modern codebases consist largely of open-source dependencies, which makes SCA essential. Tools include Snyk, WhiteSource, Black Duck, and GitHub Dependabot. 78% of codebases contain at least one known vulnerability in a dependency. SCA also serves as the automated generator of a Software Bill of Materials (SBOM).