
Open Source Dependencies (SCA)

Open Source Dependencies (SCA) inspects the third-party libraries a project relies on. It checks them for known vulnerabilities, supply-chain risk, and malicious packages.

What it is

SCA stands for Software Composition Analysis. Most applications include many open-source components, and each one can carry a known vulnerability. This module maps those dependencies and compares them against vulnerability data.

Key capabilities

  • Checks open-source libraries for known vulnerabilities.
  • Identifies supply-chain risk in dependencies.
  • Flags malicious packages.
  • Covers both direct and indirect dependencies.
  • Helps prioritize which findings need attention.
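The "What it is" paragraph and the capabilities list above describe the pipeline in one sentence each: enumerate dependencies, separate direct from indirect ones, match installed versions against advisory data, and rank the results. The script below is an added example (not Aikido's code and not how the product is implemented) that carries that pipeline through on a constructed npm-style lockfile; the package names, versions, advisory ids and severities are all fictional, and versions are assumed to be plain dotted numbers without pre-release tags.

```python
"""Toy Software Composition Analysis pass over an npm-style lockfile.

Added illustration: the lockfile and the advisory feed are constructed here,
and every package name and advisory id is fictional.
"""
import json

# Constructed lockfile in the shape of npm's package-lock.json (lockfileVersion 3):
# the "" entry is the project root, every other key is an install path.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"web-framework": "^2.0.0", "left-padder": "1.0.0"}},
        "node_modules/web-framework": {"version": "2.3.1",
                                       "dependencies": {"parser-lib": "^1.4.0"}},
        "node_modules/parser-lib": {"version": "1.4.2"},
        "node_modules/left-padder": {"version": "1.0.0"},
    },
})

# Constructed advisory feed. A real scanner pulls these from a vulnerability
# database; "malicious" entries model the malicious-package check.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "parser-lib", "introduced": "1.0.0",
     "fixed": "1.5.0", "severity": "high", "kind": "vulnerability"},
    {"id": "ADV-EXAMPLE-0002", "package": "left-padder", "introduced": "1.0.0",
     "fixed": None, "severity": "critical", "kind": "malicious"},
    {"id": "ADV-EXAMPLE-0003", "package": "web-framework", "introduced": "1.0.0",
     "fixed": "2.0.0", "severity": "medium", "kind": "vulnerability"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(text):
    """Plain numeric dotted versions only (assumption: no pre-release tags)."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (no fix exists when fixed is None)."""
    current = parse_version(version)
    if current < parse_version(introduced):
        return False
    return fixed is None or current < parse_version(fixed)


def load_dependency_graph(lock_text):
    """Return (installed packages keyed by name, names of direct dependencies)."""
    lock = json.loads(lock_text)
    installed = {}
    for path, meta in lock["packages"].items():
        if path == "":
            continue
        # Nested installs look like node_modules/a/node_modules/b; keep the leaf name.
        name = path.rsplit("node_modules/", 1)[-1]
        installed[name] = {"version": meta["version"],
                           "deps": list(meta.get("dependencies", {}))}
    direct = list(lock["packages"][""].get("dependencies", {}))
    return installed, direct


def resolve_chains(installed, direct):
    """Breadth-first walk from the root: shortest dependency chain to each package."""
    chains = {}
    queue = [(name, [name]) for name in direct]
    while queue:
        name, chain = queue.pop(0)
        if name in chains or name not in installed:
            continue
        chains[name] = chain
        for child in installed[name]["deps"]:
            queue.append((child, chain + [child]))
    return chains


def scan(lock_text, advisories):
    """Match installed versions against advisories and order findings by urgency."""
    installed, direct = load_dependency_graph(lock_text)
    chains = resolve_chains(installed, direct)
    findings = []
    for adv in advisories:
        pkg = installed.get(adv["package"])
        if pkg is None or not is_affected(pkg["version"], adv["introduced"], adv["fixed"]):
            continue
        findings.append({
            "advisory": adv["id"], "package": adv["package"], "version": pkg["version"],
            "severity": adv["severity"], "kind": adv["kind"], "fixed_in": adv["fixed"],
            "direct": adv["package"] in direct,
            "chain": chains.get(adv["package"], [adv["package"]]),
        })
    # Priority: malicious packages first, then severity, then direct before transitive.
    findings.sort(key=lambda f: (f["kind"] != "malicious",
                                 SEVERITY_RANK[f["severity"]], not f["direct"]))
    return findings


def report(findings):
    """One line per finding, naming the path a transitive dependency came in through."""
    lines = []
    for f in findings:
        where = "direct" if f["direct"] else "via " + " > ".join(f["chain"][:-1])
        fix = f"upgrade to {f['fixed_in']}" if f["fixed_in"] else "no fixed version, remove"
        lines.append(f"[{f['severity']}] {f['package']}@{f['version']} ({f['kind']}, {where}): "
                     f"{f['advisory']}, {fix}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES)))
```

Two points the run makes visible: `web-framework` 2.3.1 is not reported because its installed version is at or above the advisory's fixed version, and `parser-lib` is reported even though the project never names it, because the breadth-first walk records the chain `web-framework > parser-lib` that pulled it in. The ordering puts the malicious direct dependency, which has no safe version to upgrade to, ahead of the fixable transitive one.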

Who it’s for

It fits teams that build software on top of open-source libraries. It helps engineers understand the risk their dependencies bring in. It suits any project that pulls in third-party code.
