{"id":26562,"date":"2022-02-10T12:23:14","date_gmt":"2022-02-10T12:23:14","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=26562"},"modified":"2022-03-04T12:52:11","modified_gmt":"2022-03-04T12:52:11","slug":"what-is-software-composition-analysis-sca","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/what-is-software-composition-analysis-sca\/","title":{"rendered":"What is Software Composition Analysis (SCA)"},"content":{"rendered":"\n<p>Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>SCA identifies vulnerabilities in open source.<\/li><li>Scan open source dependencies for known vulnerabilities.<\/li><li>Get data-driven recommendations for version updates, with details on how the fix affects your code, before automating the change.<\/li><li>Gain comprehensive, centralized visibility across different environments and applications, and detect flaws earlier.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"challenges-with-open-source-code\">Challenges with Open Source Code<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code.png\"><img loading=\"lazy\" decoding=\"async\" width=\"697\" height=\"563\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code.png\" alt=\"\" class=\"wp-image-26563\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code.png 697w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-300x242.png 300w\" sizes=\"auto, (max-width: 697px) 100vw, 697px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a 
href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-1024x580.png\" alt=\"\" class=\"wp-image-26564\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-1024x580.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-300x170.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-768x435.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-1536x870.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Challenges-with-Open-Source-Code-2-2048x1161.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"evolution-of-software-composition-analysis-sca\">Evolution of Software Composition Analysis (SCA)<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Evolution-of-Software-Composition-Analysis-SCA.jpeg\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"400\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Evolution-of-Software-Composition-Analysis-SCA.jpeg\" alt=\"\" class=\"wp-image-26565\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Evolution-of-Software-Composition-Analysis-SCA.jpeg 800w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Evolution-of-Software-Composition-Analysis-SCA-300x150.jpeg 300w, 
https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Evolution-of-Software-Composition-Analysis-SCA-768x384.jpeg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"software-composition-analysis-process-in-sdlc\">Software Composition Analysis Process in SDLC<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"443\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC-1024x443.png\" alt=\"\" class=\"wp-image-26566\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC-1024x443.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC-300x130.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC-768x332.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Process-in-SDLC.png 1244w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"software-composition-analysis-output\">Software Composition Analysis Output<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Output.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"590\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Output.png\" alt=\"\" class=\"wp-image-26567\" 
srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Output.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Output-300x173.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software-Composition-Analysis-Output-768x443.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-software-composition-analysis-sca-works\">How Does Software Composition Analysis (SCA) Work?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works.jpg\" alt=\"\" class=\"wp-image-26568\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works.jpg 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works-300x169.jpg 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works-768x432.jpg 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/How-Software-Composition-Analysis-SCA-works-355x199.jpg 355w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sast-vs-sca\">SAST Vs SCA<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/sast-static-application-security-testing-vs-sca-software-composition-analysis-1-638.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"572\" height=\"1024\" 
src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/sast-static-application-security-testing-vs-sca-software-composition-analysis-1-638-572x1024.jpg\" alt=\"\" class=\"wp-image-26569\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/sast-static-application-security-testing-vs-sca-software-composition-analysis-1-638-572x1024.jpg 572w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/sast-static-application-security-testing-vs-sca-software-composition-analysis-1-638-168x300.jpg 168w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/sast-static-application-security-testing-vs-sca-software-composition-analysis-1-638.jpg 638w\" sizes=\"auto, (max-width: 572px) 100vw, 572px\" \/><\/a><\/figure>\n\n\n<a href=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/02\/Software_Composition_Analysis_OWASP_Stammtisch_-_Stanislav_Sivak.pdf\" class=\"pdfemb-viewer\" style=\"\" data-width=\"max\" data-height=\"max\" data-toolbar=\"both\" data-toolbar-fixed=\"on\">Software_Composition_Analysis_OWASP_Stammtisch_-_Stanislav_Sivak<\/a>\n<p class=\"wp-block-pdfemb-pdf-embedder-viewer\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality. 
SCA&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-26562","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/26562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=26562"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/26562\/revisions"}],"predecessor-version":[{"id":26573,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/26562\/revisions\/26573"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=26562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=26562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=26562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}