Software Composition Analysis (SCA) - CI/CD Glossary Definition
SCA scans your dependencies for known vulnerabilities and license risks.
SCA inventories a project's open-source and third-party dependencies and checks them against known vulnerability and license databases to flag risky components.
SCA scans your dependencies for known vulnerabilities and license risks.
In CI
SCA reads lockfiles and manifests on each build, so a newly disclosed CVE in a transitive dependency can fail the pipeline the next time it runs.
Related guides
Dependency Scanning - CI/CD Glossary DefinitionDependency Scanning: Dependency scanning examines a project's declared and transitive libraries against vulne…
Software Bill of Materials (SBOM) - CI/CD Glossary DefinitionSoftware Bill of Materials (SBOM): An SBOM is a formal, machine-readable inventory of all components, librari…
CVE - CI/CD Glossary DefinitionCVE: A CVE (Common Vulnerabilities and Exposures) is a unique public identifier, formatted like CVE-2024-1234…