CodeScoring SCA
General description
The CodeScoring SCA module addresses software inventory and vulnerability search in open source components. Its main capabilities include:
- Control at different stages of the development lifecycle, with the ability to check projects in the version control system;
- Integration of checks into the CI pipeline with blocking security policies using the console agent Johnny;
- SBoM generation and dependency graph visualization;
- Analysis at different levels: manifest parsing, resolving transitive dependencies, build interception for C and C++, scanning Docker images;
- Tracking scan history with the ability to export results for reporting.