# Open Source Dependencies (SCA)

> Open Source Dependencies checks open-source libraries for known vulnerabilities and supply-chain risk.

Source: https://fmcybersecurity.com/en/products/aikido/open-source-dependencies-sca/
Locale: English
Other locale: https://fmcybersecurity.com/products/aikido/open-source-dependencies-sca/

Open Source Dependencies (SCA) inspects the third-party libraries a project relies on. It checks them for known vulnerabilities, supply-chain risk, and malicious packages.

## What it is

SCA stands for Software Composition Analysis. Most applications include many open-source components, and each one can carry a known vulnerability. This module maps those dependencies, including the ones pulled in indirectly through other packages, and compares the installed versions against vulnerability data.

## Key capabilities

- Checks open-source libraries for known vulnerabilities.
- Identifies supply-chain risk in dependencies.
- Flags malicious packages.
- Covers both direct and indirect dependencies.
- Helps prioritize which findings need attention.
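As an added illustration of the mapping-and-matching step described above and of the direct-versus-indirect distinction in the capability list, the script below is example code written for this page, not Aikido's implementation or its data formats. It reads a constructed npm lockfile, builds the dependency graph to tell direct from transitive packages, checks each installed version against a constructed advisory list using OSV-style introduced/fixed ranges, and orders the findings for triage. Every package name, advisory identifier and version range is made up, and the version comparison ignores pre-release tags.

```python
import json
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed npm lockfile (v3 layout: "packages" keyed by install path).
# Every name and version here is made up for this example.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"web-framework": "^2.0.0", "utils-lib": "^1.4.0"}},
        "node_modules/web-framework": {"version": "2.1.0", "dependencies": {
            "query-parser": "^6.0.0", "utils-lib": "^1.4.0"}},
        "node_modules/query-parser": {"version": "6.5.2"},
        "node_modules/utils-lib": {"version": "1.4.3"},
    },
})

# Constructed advisory feed. The shape borrows OSV's introduced/fixed idea;
# the identifiers, packages and ranges are invented (assumption).
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "query-parser", "severity": "HIGH",
     "introduced": "6.0.0", "fixed": "6.5.3"},
    {"id": "EXAMPLE-0002", "package": "utils-lib", "severity": "CRITICAL",
     "introduced": "0", "fixed": "1.4.2"},          # installed 1.4.3: already fixed
    {"id": "EXAMPLE-0003", "package": "web-framework", "severity": "MEDIUM",
     "introduced": "2.0.0"},                        # no fix published yet
    {"id": "EXAMPLE-0004", "package": "not-installed", "severity": "HIGH",
     "introduced": "0"},                            # not in the lockfile at all
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def parse_version(text: str) -> Tuple[int, ...]:
    """MAJOR.MINOR.PATCH as a comparable tuple. Pre-release tags are not
    handled (assumption); a real SCA tool needs a full semver comparator."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Half-open range as OSV uses it: introduced <= version < fixed."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def load_graph(lockfile_text: str) -> Tuple[str, Dict[str, str], Dict[str, List[str]]]:
    """Return (project name, installed versions, adjacency list).
    Key "" is the project root; nested node_modules trees (version
    conflicts) are not modelled here."""
    lock = json.loads(lockfile_text)
    versions: Dict[str, str] = {}
    edges: Dict[str, List[str]] = {}
    for path, entry in lock["packages"].items():
        name = path.split("node_modules/")[-1] if path else ""
        if name:
            versions[name] = entry["version"]
        edges[name] = sorted(entry.get("dependencies", {}))
    return lock.get("name", "root"), versions, edges


def dependency_paths(edges: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Shortest path from the root to each reachable package (BFS, cycle-safe).
    A one-element path is a direct dependency; anything longer is transitive."""
    paths: Dict[str, List[str]] = {}
    queue = deque([("", [])])
    seen = {""}
    while queue:
        node, path = queue.popleft()
        for dep in edges.get(node, []):
            if dep not in seen:
                seen.add(dep)
                paths[dep] = path + [dep]
                queue.append((dep, paths[dep]))
    return paths


def scan(lockfile_text: str, advisories: List[dict]) -> List[dict]:
    """Match installed versions against advisories; order the findings for
    triage: highest severity first, then direct before transitive."""
    project, versions, edges = load_graph(lockfile_text)
    paths = dependency_paths(edges)
    findings = []
    for adv in advisories:
        name = adv["package"]
        if name not in versions:
            continue                      # advisory is for something we do not ship
        if not is_affected(versions[name], adv["introduced"], adv.get("fixed")):
            continue                      # installed version is outside the range
        path = paths.get(name, [name])
        findings.append({
            "id": adv["id"], "package": name, "installed": versions[name],
            "severity": adv["severity"], "fixed_in": adv.get("fixed"),
            "direct": len(path) == 1, "path": " > ".join([project] + path),
        })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), not f["direct"]))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES):
        kind = "direct" if f["direct"] else "transitive"
        fix = f["fixed_in"] or "no fix published"
        print(f"{f['severity']:8} {f['id']} {f['package']}@{f['installed']} "
              f"[{kind}] fix: {fix} via {f['path']}")
```

Run as-is, the script reports two findings: the transitive `query-parser` issue, reached through `web-framework`, and the direct `web-framework` issue that has no fix yet; the `utils-lib` advisory is dropped because the installed version is already past the fix, and the fourth advisory is dropped because the package is not in the lockfile. The sort order is a simple stand-in for prioritization: severity first, then direct dependencies before transitive ones, since a direct dependency can be bumped in the project's own manifest while a transitive one waits on the parent package to publish an update.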

## Who it's for

It fits teams that build software on top of open-source libraries, and more broadly any project that pulls in third-party code. It helps engineers understand the risk their dependencies bring in.

---

For the full documentation index, see https://fmcybersecurity.com/llms.txt
For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt
