SCA (Software Composition Analysis)

This section introduces Invicti ASPM’s Software Composition Analysis (SCA) capabilities for identifying security and compliance risks in open-source and third-party dependencies. It describes how dependencies are analyzed, how scans are triggered, and how findings are evaluated within the platform.

SCA includes CVE-based dependency analysis, license compliance checks, and Software Bill of Materials (SBOM) generation to provide visibility into application dependencies and associated risks throughout the development lifecycle.