SCA (Software Composition Analysis)
CodeThreat SCA is designed to give teams an in-depth understanding of their project's dependencies. Our new information panel provides a transparent overview of open-source components, their licenses, and associated vulnerabilities, directly within your workflow.
Identify Issues Quickly: Understand the specific vulnerabilities of third-party components in your code.
Actionable Solutions: Receive clear guidance on resolving identified issues and keeping your dependencies secure.
SAST Issue Correlation: See how SAST findings are related to third-party components, providing a holistic view of your project's security.
Intelligent Fix Recommendations: Our tool goes beyond the surface, providing the most effective version upgrades for a fix — not just the latest, but the best fit for your project.
The library or component with a known vulnerability.
The severity of the vulnerability, categorized as Critical, High, Medium, or Low.
The specific version of the component that is affected.
The location where the affected component is found within the project's file structure.
The recommended version to which the component should be updated to mitigate the vulnerability.
A description of the vulnerability, which often includes technical details of the issue.
References to the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) for more information.
Metadata such as the date when the vulnerability was published and last modified.