Software composition analysis (SCA) identifies vulnerabilities introduced by open-source software components. The HCL AppScan SCA tool can be integrated at numerous points in the application's life cycle allowing security, release managers, and others to quickly evaluate all the components in a specific folder or container/image to identify packages with known vulnerabilities or problematic license agreements.


Quickly find, triage, and remediate critical vulnerabilities:

  • Cloud security with container scanning
  • Open-source meta scoring in developer experience
  • Continuously update vulnerability database
  • SCA and SAST scans can be run together in a single execution