
SCA (Software Composition Analysis)
Dependency vulnerability scanning
SCA analyzes open-source dependencies for known CVE vulnerabilities against a database of more than 200,000 known issues. Reachability analysis determines whether the vulnerable code is actually invoked in the production build of the application, reducing alert noise by 95%. The full dependency tree, including transitive dependencies, is tracked automatically. It integrates with the most popular package managers, including npm, pip, Maven, Gradle, Bundler, Composer, and Go modules, among many others.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- Dependency scanning for over 16 package ecosystems with a database of more than 200k CVEs
- Tracking transitive dependencies up to 10 levels deep with dependency tree visualization
- Reachability analysis determining actual runtime use of vulnerable code
- Automatic update suggestions with compatible versions and changelogs
- SBOM generation in CycloneDX and SPDX formats for compliance purposes
Business benefits
- Reduction of alert noise by over 95% thanks to reachability analysis
- Reduction of dependency audit time from days to minutes
- Protection against supply chain attacks such as the event-stream and ua-parser-js npm package compromises
- Automation of SBOM compliance requirements
- Reduction of remediation costs by over 60% through risk-based prioritization
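As an added illustration of the workflow described above (dependency tree walk, advisory matching, reachability filtering and a minimal SBOM), the following is example code written for this page, not Aikido's own implementation; the package names, call graph and advisory identifiers are constructed placeholders.

```python
from collections import deque

# Constructed inputs for the illustration; package names, call graph and
# advisory identifiers are placeholders, not real packages or CVE numbers.
DEP_TREE = {                      # package -> packages it depends on
    "app": ["web-framework", "json-parser"],
    "web-framework": ["template-engine", "url-parse-lib"],
    "template-engine": [], "url-parse-lib": [], "json-parser": [],
}
CALL_GRAPH = {                    # function -> functions it calls
    "app.main": ["web-framework.serve", "json-parser.load"],
    "web-framework.serve": ["template-engine.render"],
    "template-engine.render": [], "url-parse-lib.parse": [],
    "json-parser.load": ["json-parser.decode"], "json-parser.decode": [],
}
ADVISORIES = [                    # (package, vulnerable function, advisory id)
    ("template-engine", "template-engine.render", "ADV-PLACEHOLDER-1"),
    ("url-parse-lib", "url-parse-lib.parse", "ADV-PLACEHOLDER-2"),
    ("json-parser", "json-parser.decode", "ADV-PLACEHOLDER-3"),
]

def _bfs(graph, start):
    """Breadth-first walk; returns {node: depth} for every node reached."""
    depth, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in depth:
                depth[nxt] = depth[node] + 1
                queue.append(nxt)
    return depth

def scan(tree=DEP_TREE, calls=CALL_GRAPH, advisories=ADVISORIES,
         root="app", entry="app.main"):
    """Return (all findings, reachable findings) as lists of advisory ids.
    A finding is reachable when its vulnerable function lies on some call
    path from the application's entry point; the rest is the noise that
    reachability analysis lets a team deprioritise."""
    deps = _bfs(tree, root)          # transitive dependency closure with depth
    reach = _bfs(calls, entry)       # functions reachable from the entry point
    present = [a for a in advisories if a[0] in deps]
    reachable = [a for a in present if a[1] in reach]
    return [a[2] for a in present], [a[2] for a in reachable]

def sbom(tree=DEP_TREE, root="app"):
    """Minimal CycloneDX-style component list (name plus dependency depth)."""
    deps = _bfs(tree, root)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "components": [{"type": "library", "name": p, "properties":
                            [{"name": "depth", "value": str(d)}]}
                           for p, d in sorted(deps.items()) if p != root]}
```

Running `scan()` reports all three advisories as present but only two as reachable; the url-parse-lib finding is the kind that reachability-based prioritisation pushes to the bottom of the queue.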

Why Aikido?
A comprehensive application security platform designed for developers. Aikido combines SAST, DAST, SCA, secret scanning, and container security in a single tool that integrates with existing CI/CD pipelines. The platform prioritizes vulnerabilities by risk and eliminates false positives.
Need SCA (Software Composition Analysis) in your organization?
As a certified Aikido partner, we'll help you deploy and configure the solution.