Testing methods
SCA
Software Composition Analysis
Software Composition Analysis (SCA) inventories the open-source and third-party components an application depends on and flags those with known vulnerabilities (CVEs) or problematic licenses. SCA is essential for supply-chain risk but only covers known issues in dependencies - not custom-code flaws or business-logic vulnerabilities.
Key points
- Maps dependencies to known CVEs and license risk.
- Central to software supply-chain security.
- Does not find flaws in your own application logic.
Related
References
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist