Dependency Scanning, also known as Software Composition Analysis (SCA), automatically identifies known security vulnerabilities in your project’s third-party dependencies and libraries. It scans dependency manifest files (like package.json, requirements.txt, pom.xml) and provides detailed vulnerability information including CVE identifiers, CVSS scores, and remediation guidance.