Skip to content
Latchkey

Software Composition Analysis (SCA) - CI/CD Glossary Definition

SCA scans your dependencies for known vulnerabilities and license risks.

SCA inventories a project's open-source and third-party dependencies and checks them against known vulnerability and license databases to flag risky components.

SCA scans your dependencies for known vulnerabilities and license risks.

In CI

SCA reads lockfiles and manifests on each build, so a newly disclosed CVE in a transitive dependency can fail the pipeline the next time it runs.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →