Scan open source code

Veracode Software Composition Analysis (SCA) helps you build an inventory of your third-party components to identify vulnerabilities and malicious libraries, including open-source and commercial code.

Veracode SCA scans compile a list of libraries in an application, then identify known vulnerabilities and malicious packages in each library. Veracode determines the list of libraries, vulnerabilities, and malicious packages at the time of the scan. However, Veracode can also notify you of newly announced vulnerabilities and malicious packages that impact your applications without requiring a new scan.