Skip to main content

Scan open source code

Veracode Software Composition Analysis (SCA) helps you build an inventory of your third-party components to identify vulnerabilities, including open-source and commercial code.

Veracode SCA scans compile a list of libraries in an application, then identify the known vulnerabilities in each library. Veracode determines the list of libraries and vulnerabilities at the time of the scan. However, Veracode can also notify you of newly announced vulnerabilities that impact your applications without requiring you to perform a new scan.