Test components via SCA
CVSS score adjustment
Software composition analysis (SCA) detects when open-source components and dependencies in your software project have associated CVE entries. Fluid Attacks understands that particular circumstances need to be present for these vulnerabilities to be ...
Vulnerability signature update
Vulnerability signature management applies to software composition analysis (SCA) tests. The external sources from which Fluid Attacks updates these signatures can be categorized into two groups: sources for container scanning and sources for ...
Find reachable dependency vulnerabilities
Fluid Attacks' static code scans detect third-party dependencies used in your software and verify whether it is actually using the dependencies' vulnerable functions. Ensuring that detected dependency vulnerabilities are actually reachable by threat ...
What is SCA?
Software composition analysis (SCA) is a security technique that automatically identifies third-party dependencies or libraries used by an application and evaluates their security. SCA scans are important mainly for the following reasons: ...