SCA (Software Composition Analysis)

CodeThreat SCA is designed to give teams an in-depth understanding of their project's dependencies. Our new information panel provides a transparent overview of open-source components, their licenses, and associated vulnerabilities, directly within your workflow.

  • Identify Issues Quickly: Understand the specific vulnerabilities of third-party components in your code.

  • Actionable Solutions: Receive clear guidance on resolving identified issues and keeping your dependencies secure.

  • SAST Issue Correlation: See how SAST findings are related to third-party components, providing a holistic view of your project's security.

  • Intelligent Fix Recommendations: Our tool goes beyond the surface, providing the most effective version upgrades for a fix: not just the latest, but the best fit for your project.

Each vulnerability finding includes:

  • The library or component with a known vulnerability.

  • The severity of the vulnerability, categorized as Critical, High, Medium, or Low.

  • The specific version of the component that is affected.

  • The location where the affected component is found within the project's file structure.

  • The recommended version to which the component should be updated to mitigate the vulnerability.

  • A description of the vulnerability, which often includes technical details of the issue.

  • References to the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) for more information.

  • Metadata such as the date when the vulnerability was published and last modified.
