Software Composition Analysis (SCA)

Software Composition Analysis, or SCA, is a Lacework Code Security offering that scans your dependencies for known vulnerabilities. SCA compares your dependencies against a list of known vulnerabilities from an external provider and then links to a trusted third-party page that describes the vulnerability. Lacework also offers Static Application Security Testing (SAST).

Lacework's Software Composition Analysis can be run using GitHub Actions, GitLab CI, Bitbucket, or the Lacework CLI. Using the Lacework CLI, you can generate a Software Bill of Materials (SBOM).

For the languages that Lacework SCA can scan for vulnerabilities, see the list of Supported SCA Languages.

Note: SCA is currently in beta for select Lacework customers. Contact your Lacework Representative for more information.