SCA

Software Composition Analysis (SCA) is a program that reads and reviews the source code of an application to find software supply chain issues. SCA tools determine which third-party libraries the analyzed software uses. For each library in use, the tools determine the library's license and the version of that library included in the application. Using the gathered information, SCA tools can compare the discovered licenses against approved licenses, determine whether a library is out of date or contains vulnerabilities, and check whether new versions of that library exist.
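
The checks described above, reduced to a minimal added example (not from the original page or from any SCA product). It assumes a pinned `requirements.txt`-style manifest as input; the package names, registry data, license policy and advisory id are all constructed placeholders.

```python
import re

# Constructed sample input: a pinned dependency manifest (requirements.txt style).
MANIFEST = """\
alpha-http==2.1.0
beta-yaml==0.9.3
gamma-crypto==1.4.2
delta-utils==0.3.0  # absent from the registry data below
"""
# Constructed stand-ins for registry and advisory-feed data; all names are placeholders.
REGISTRY = {  # name -> (license, latest released version)
    "alpha-http": ("MIT", "2.1.0"),
    "beta-yaml": ("GPL-3.0-only", "1.2.0"),
    "gamma-crypto": ("Apache-2.0", "1.5.0"),
}
ADVISORIES = {"gamma-crypto": [("1.4.5", "ADVISORY-PLACEHOLDER-1")]}  # (fixed in, id)
APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

def vtuple(version):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def parse_manifest(text):
    """Step 1: which third-party libraries are used, and at which version."""
    deps = {}
    for line in text.splitlines():
        spec = line.split("#", 1)[0].strip()  # drop comments and whitespace
        match = re.fullmatch(r"([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)", spec)
        if match:
            deps[match.group(1).lower()] = match.group(2)
    return deps

def analyze(manifest_text, approved=APPROVED_LICENSES):
    """Step 2: check each library against license policy, advisories, latest release."""
    findings = []
    for name, version in sorted(parse_manifest(manifest_text).items()):
        if name not in REGISTRY:  # an unidentified component cannot be cleared
            findings.append((name, "unknown-component", version))
            continue
        license_id, latest = REGISTRY[name]
        if license_id not in approved:
            findings.append((name, "license-not-approved", license_id))
        for fixed_in, advisory_id in ADVISORIES.get(name, []):
            if vtuple(version) < vtuple(fixed_in):
                findings.append((name, "vulnerable", advisory_id))
        if vtuple(version) < vtuple(latest):
            findings.append((name, "outdated", f"{version} -> {latest}"))
    return findings

if __name__ == "__main__":
    print(*analyze(MANIFEST), sep="\n")
```

A component the tool cannot identify is reported rather than skipped, since it has no license or vulnerability data to clear it.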