IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. SCA

Testing methods

SCA

Software Composition Analysis

Software Composition Analysis (SCA) inventories the open-source and third-party components an application depends on and flags those with known vulnerabilities (CVEs) or problematic licenses. SCA is essential for supply-chain risk but only covers known issues in dependencies - not custom-code flaws or business-logic vulnerabilities.

Key points

  • Maps dependencies to known CVEs and license risk.
  • Central to software supply-chain security.
  • Does not find flaws in your own application logic.

Related

SASTDevSecOpsCVE

References

  • OWASP Dependency-Check

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub