SCA was born out of necessity. How else could innovators discover, identify, and track open source software (OSS) components within their applications? SCA may be best known for tracking capabilities, such as adherence to license requirements (e.g., “you can use this code, just buy me a beer”). Others value it for identifying security vulnerabilities inherent in open source projects (“Red alert! Red alert!”). Yet, the technology can do far more than that.
This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/why-software-composition-analysis-sca-demands-precision