Scan open source

Veracode Software Composition Analysis (SCA) helps you build an inventory of your third-party components to identify malicious libraries and vulnerabilities in your open-source libraries and commercial code.

Veracode SCA scans compile a list of libraries in an application, then identify known vulnerabilities and malicious packages in each library. Veracode determines the list of libraries, vulnerabilities, and malicious packages at the time of the scan. However, Veracode can also notify you of newly announced vulnerabilities and malicious packages that impact your applications without requiring a new scan.

Veracode, Inc. (“Veracode”) does not provide legal advice. Please be aware that your use of the Veracode solution does not serve as a substitute for your compliance with any applicable laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, or executive order (collectively, (“Laws”))) or any contractual obligations with any third parties. You are responsible for consulting an independent legal counsel regarding any such Laws or contractual obligations. Use of the Veracode solution does not serve as a substitute for your own assessment of business risks associated with the software licenses identified by Veracode.