Dependency-Check: Open-source Software Composition Analysis (SCA) tool
2025-03-19 05:30

Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links to the relevant Common Vulnerabilities and Exposures (CVE) entries, helping teams address security risks.

Dependency-Check main components

The tool is made up of four main components:

Engine: The central controller that orchestrates the execution of …

The post Dependency-Check: Open-source Software Composition Analysis (SCA) tool appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/03/19/dependency-check-open-source-software-composition-analysis-sca-tool/