Safeguard your applications against vital vulnerabilities stemming from open-source software components with software composition analysis (SCA). Our SCA technology employs a constantly refreshed database to detect vulnerabilities introduced by such components.
HCL AppScan SCA seamlessly integrates into various stages of an application's life cycle. This empowers security teams, release managers, and others to rapidly assess components within specific folders or container/images. By doing so, they can identify packages with known vulnerabilities or potential licensing issues efficiently.
Cloud Security with Container Scanning
Cloud Security with Container Scanning
HCL AppScan has developed an innovative container scanning solution that uses our SCA (Software Composition Analysis) technology to scan all contents of a Docker container (or container image) without having to run the container.
Software Supply Chain Security
Software Supply Chain Security
Improving software supply chain security is critical to protecting your business. HCL AppScan SCA detects open-source packages, versions, licenses, and vulnerabilities, and provides an inventory of all of this data for comprehensive reporting.
Source Code Scanning
Source Code Scanning
HCL AppScan has built a proprietary database of open-source and third-party packages that our SCA tool uses for improved source code scanning. SCA locates and analyzes the packages in your software and compares them to the database with information from multiple sources including file hashes, binaries, and more.
The database aggregates information from a variety of sources, constantly monitoring for new vulnerabilities in an automated process that keeps our information up-to-date daily. Sources include the most popular security vulnerability databases (NVD, Github advisory, Microsoft MSRC), and a wide range of lesser-known security advisories and open-source project issue trackers.
A complete solution with SCA and SAST
A complete solution with SCA and SAST
HCL AppScan SCA can be automatically run in conjunction with static analysis (HCL AppScan SAST), allowing you to test for vulnerabilities in both your proprietary code and your third-party components, all at the same time.
SCA Throughout the SDLC
SCA Throughout the SDLC
HCL AppScan SCA can be integrated in numerous points in your application's development life cycle. Your developers can evaluate the open-source packages incorporated in their projects directly from the IDE (Integrated Development Environment).
Security and release managers can use the CLI and a GUI tools to quickly evaluate all the components in a specific folder or container/image to identify open-source packages.
Extensive plugins can be used for integration at other points in the pipeline and HCL AppScan's REST API helps define any additional integration/automation that is needed.
Featured Resources
HCL AppScan Provides Additional Cloud Security with New Container Scanning Capabilities
Hi, I am HCLSoftware Virtual Assistant.
