---
type: "term"
title: "SCA (Software Composition Analysis)"
description: "Automated tools that identify open-source and third-party components in a codebase, flagging known vulnerabilities and license compliance issues."
resource: "tlctc:term:sca-software-composition-analysis"
tags:
  - "glossary"
---
# SCA (Software Composition Analysis)

Automated tools that identify open-source and third-party components in a codebase, flagging known vulnerabilities and license compliance issues. In TLCTC: SCA is a preventive control for `#10 Supply Chain Attack`, enabling detection of vulnerable or malicious dependencies before they are integrated into production systems.

See also: Supply Chain Attack (#10), SBOM
