
Software Composition Analysis (SCA) tool in the code repository (repo)

Integrating SCA Tools in Code Repositories for Continuous Security


What is SCA in the repo?

When a Software Composition Analysis (SCA) tool scans a repository, it looks for known vulnerabilities in the repository's software components. If the tool finds a vulnerability, it reports it to the organization that owns the repository. The organization can then fix the vulnerability or mitigate the risk it poses.
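The check described above, reduced to its core as an added example (not Contrast's code or any real tool's): read the pinned components from a manifest in the repository and match each one against the affected-version ranges of known advisories. The package names, advisory IDs and version ranges are constructed for illustration, and the manifest is assumed to use the `name==version` form of a Python requirements.txt.

```python
import re

# Constructed manifest, as a repository scan would read it from requirements.txt.
MANIFEST = """\
examplelib-http==1.4.2
examplelib-yaml==5.3
examplelib-auth>=2.0   # unpinned: no single version to match
examplelib-log==0.9.1
"""
# Constructed advisory feed: package -> [(advisory id, first affected, first fixed)].
ADVISORIES = {
    "examplelib-http": [("EXAMPLE-ADV-0001", "1.0.0", "1.4.3")],
    "examplelib-yaml": [("EXAMPLE-ADV-0002", "4.0", "5.1")],
    "examplelib-log": [("EXAMPLE-ADV-0003", "0.1.0", "0.9.2"),
                       ("EXAMPLE-ADV-0004", "0.9.1", "1.0.0")],
}
PIN = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)$")

def parse_version(text):
    """'1.4.0' -> (1, 4): numeric compare, trailing zeros dropped so 1.4 == 1.4.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_manifest(text):
    """Split manifest lines into exact pins and entries that cannot be matched."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = PIN.match(line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        elif line:
            unpinned.append(line)
    return pinned, unpinned

def scan(manifest_text, advisories):
    """Return (findings, unpinned); a finding is (package, version, advisory, fixed_in)."""
    pinned, unpinned = parse_manifest(manifest_text)
    findings = []
    for name, version in sorted(pinned.items()):
        v = parse_version(version)
        for adv_id, introduced, fixed in advisories.get(name, []):
            if parse_version(introduced) <= v < parse_version(fixed):
                findings.append((name, version, adv_id, fixed))
    return findings, unpinned

if __name__ == "__main__":
    print(scan(MANIFEST, ADVISORIES))
```

Entries without an exact pin are returned separately instead of being skipped, because a component the scan cannot resolve to one version is a coverage gap in the report, not a clean result.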

Contrast Security offers SCA both in the code repository and at application runtime.

Contrast has introduced SCA into the code repository because it is well established that third-party dependencies are riddled with known and latent security vulnerabilities. This security risk carries over into the applications that use these vulnerable packages.
