CodeThreat - Knowledge Center

SCA (Software Composition Analysis)

Last updated 1 year ago

CodeThreat SCA is designed to give teams an in-depth understanding of their project's dependencies. Our new information panel provides a transparent overview of open-source components, their licenses, and associated vulnerabilities, directly within your workflow.

  • Identify Issues Quickly: Understand the specific vulnerabilities of third-party components in your code.

  • Actionable Solutions: Receive clear guidance on resolving identified issues and keeping your dependencies secure.

  • SAST Issue Correlation: See how SAST findings are related to third-party components, providing a holistic view of your project's security.

Intelligent Fix Recommendations: Our tool goes beyond the surface, providing the most effective version upgrades for a fix — not just the latest, but the best fit for your project.

  • The library or component with a known vulnerability.

  • The severity of the vulnerability, categorized as Critical, High, Medium, or Low.

  • The specific version of the component that is affected.

  • The location where the affected component is found within the project's file structure.

  • The recommended version to which the component should be updated to mitigate the vulnerability.

  • A description of the vulnerability, which often includes technical details of the issue.

  • References to the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) for more information.

  • Metadata such as the date when the vulnerability was published and last modified.