SCA stands for software composition analysis. This technique identifies the dependencies or third-party libraries used by an application and evaluates their security. It therefore serves as a basis for generating a software bill of materials (SBOM).
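The flow described above, as an added illustration that is not Fluid Attacks' scanner code: it identifies pinned dependencies in a manifest, builds a CycloneDX-style component inventory from them, and checks each version against an advisory's affected range. The manifest, package names, advisory IDs and function names are constructed placeholders, and versions are assumed to be purely numeric.

```python
import re

# Constructed sample manifest (pinned, requirements.txt style); package names are made up.
MANIFEST = """\
# constructed sample input
examplelib==1.4.2
demo-http==2.0.0
sample_yaml==0.9.1  # pinned
"""

# Constructed advisory feed: affected range is [introduced, fixed). IDs are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.5.0"},
    {"id": "EXAMPLE-ADVISORY-0002", "package": "demo-http", "introduced": "1.0.0", "fixed": "2.0.0"},
]

def normalize(name):
    """PEP 503 style name normalization so 'sample_yaml' and 'sample-yaml' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Compare dotted numeric versions as integer tuples (assumption: no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))

def parse_manifest(text):
    """Return [(name, version)] for every 'name==version' line, ignoring comments and blanks."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            deps.append((normalize(name.strip()), version.strip()))
    return deps

def build_sbom(deps):
    """Minimal CycloneDX-style component inventory built from the identified dependencies."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": [{"type": "library", "name": n, "version": v,
                            "purl": f"pkg:pypi/{n}@{v}"} for n, v in deps]}

def find_vulnerable(deps, advisories):
    """Report dependencies whose version falls inside an advisory's affected range."""
    findings = []
    for name, version in deps:
        for adv in advisories:
            low, high = version_key(adv["introduced"]), version_key(adv["fixed"])
            if normalize(adv["package"]) == name and low <= version_key(version) < high:
                findings.append({"package": name, "version": version, "advisory": adv["id"]})
    return findings
```

Note that `demo-http` 2.0.0 is not reported: it sits exactly on the fixed version, which the half-open range excludes.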
In the SCA scan, Fluid Attacks tests whether the application complies with the following security requirements:
Fluid Attacks' scanner uses the following sources to obtain the CVEs in reported security advisories, so that it can report their presence in the applications under assessment: