Software Composition Analysis


The Software Composition Analysis (SCA) Analyzer is a comprehensive solution designed to give security and development teams complete visibility into software dependencies, supply chain risks, and licensing compliance across their application portfolio. It delivers a detailed dependency overview by cataloging all direct and transitive dependencies, tracking their versions, and monitoring for outdated components that may introduce security or operational risks. The analyzer identifies vulnerable dependencies by correlating component inventories with known CVE databases, threat intelligence feeds, and security advisories, highlighting packages that require immediate attention or updates.

It provides robust license compliance capabilities, analyzing the legal obligations and restrictions associated with open source components to help organizations avoid licensing violations and maintain legal compliance. The platform offers advanced supply chain risk assessment by evaluating the trustworthiness, maintenance status, and security posture of dependencies to identify potentially malicious or abandoned packages that could compromise application security. Additionally, it supports comprehensive SBOM generation and management, creating standardized software bills of materials in multiple formats (SPDX, CycloneDX) that support regulatory compliance, vendor requirements, and security analysis workflows.

Through continuous monitoring and intelligent risk assessment, the Software Composition Analysis Analyzer enables organizations to maintain secure, compliant, and well-managed software supply chains while reducing the risks associated with third-party dependencies.
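The three core checks the description names (a transitive dependency inventory, correlation of that inventory against an advisory feed, and a license policy check) plus emission of a CycloneDX-shaped SBOM can be sketched in a few dozen lines. The following is an added example written for this page, not code from the product; every package name, version, license, advisory id and policy rule in it is constructed for illustration, and the advisory ids are placeholders rather than real CVEs.

```python
"""Minimal SCA pass over a constructed dependency graph (added example, not product code)."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    license: str
    deps: tuple = ()  # names of direct dependencies


# Constructed package index; a real SCA tool builds this from lockfiles and registry metadata.
INDEX = {
    "webapp": Package("webapp", "1.0.0", "Proprietary", ("http-client", "yaml-lib")),
    "http-client": Package("http-client", "2.3.1", "MIT", ("tls-core",)),
    "tls-core": Package("tls-core", "0.9.4", "Apache-2.0"),
    "yaml-lib": Package("yaml-lib", "5.1.0", "GPL-3.0-only"),
}

# Constructed advisory feed with placeholder ids (not real CVEs).
ADVISORIES = [
    {"id": "ADV-0001-PLACEHOLDER", "package": "tls-core", "affected_below": "1.0.0", "severity": "high"},
    {"id": "ADV-0002-PLACEHOLDER", "package": "yaml-lib", "affected_below": "5.0.0", "severity": "critical"},
]

# Constructed license policy: licenses this (hypothetical) proprietary product refuses to ship.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(x) for x in v.split("."))


def resolve(root, index=INDEX):
    """Return {name: Package} for root and every transitive dependency (iterative DFS, cycle-safe)."""
    seen = {}
    stack = [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        pkg = index[name]
        seen[name] = pkg
        stack.extend(pkg.deps)
    return seen


def find_vulnerable(components, advisories=ADVISORIES):
    """Correlate the inventory with the feed: a hit is an installed version below the fixed version."""
    hits = []
    for adv in advisories:
        pkg = components.get(adv["package"])
        if pkg and parse_version(pkg.version) < parse_version(adv["affected_below"]):
            hits.append((pkg.name, pkg.version, adv["id"], adv["severity"]))
    return sorted(hits)


def find_license_violations(components, denied=DENIED_LICENSES):
    """Names of components whose license is on the deny list."""
    return sorted(p.name for p in components.values() if p.license in denied)


def to_cyclonedx(root, components):
    """Build a CycloneDX 1.4-shaped dict: the root goes in metadata, the rest under components."""
    root_pkg = components[root]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": root_pkg.name, "version": root_pkg.version}},
        "components": [
            {"type": "library", "name": p.name, "version": p.version,
             "licenses": [{"license": {"id": p.license}}]}
            for n, p in sorted(components.items()) if n != root
        ],
    }


def analyze(root="webapp"):
    """Run inventory, advisory correlation and license policy; return one report dict."""
    components = resolve(root)
    return {
        "inventory": sorted(components),
        "vulnerable": find_vulnerable(components),
        "license_violations": find_license_violations(components),
        "sbom": to_cyclonedx(root, components),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(), indent=2))
```

Note that `yaml-lib` 5.1.0 is not flagged by the advisory feed (its fixed version is 5.0.0) but is flagged by the license policy, while `tls-core` is only reachable transitively through `http-client`, which is exactly why the inventory has to walk the full graph rather than just the direct dependencies.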

Sightline: Package Impact Analysis

The Package Impact Analysis sightline offers insights into package vulnerabilities and their impact.

Widgets:

Sightline: Package Dependency Overview

The Package Dependency Overview sightline highlights dependencies and their vulnerabilities.

Widgets:

Sightline: Vulnerability Impact Analysis

The Vulnerability Impact Analysis sightline provides a consolidated view of vulnerabilities.

Widgets:

Sightline: License Analysis

The License Analysis sightline focuses on compliance and licensing policies.

Widgets:

Sightline: CheckMarx Vulnerability Analysis

The CheckMarx Vulnerability Analysis sightline provides comprehensive insights into static application security testing (SAST) results from CheckMarx scans, enabling teams to track and remediate vulnerabilities across different severity levels.

Widgets:

Sightline: SAST Vulnerabilities Analysis

The SAST Vulnerabilities Analysis sightline provides comprehensive insights into Static Application Security Testing (SAST) results across repositories, enabling teams to identify and remediate code security issues.

Widgets:
