21 lines
672 B
Markdown
21 lines
672 B
Markdown
---
|
||
title: "SCA(软件成分分析)"
|
||
type: concept
|
||
tags: [安全, 依赖, 开源]
|
||
sources: [what-is-devsecops-best-practices-benefits-and-tools]
|
||
last_updated: 2026-04-16
|
||
---
|
||
|
||
## Definition
|
||
SCA(Software Composition Analysis)专注于分析应用程序使用的第三方组件(库和框架),识别已知安全漏洞和许可证合规问题。
|
||
|
||
## Characteristics
|
||
- 在开发早期(计划/设计阶段)使用
|
||
- 检测开源依赖中的已知漏洞
|
||
- 验证许可证合规性
|
||
- 常用工具:Snyk、OWASP Dependency Check
|
||
|
||
## Connections
|
||
- [[DevSecOps]] ← uses ← [[SCA]]
|
||
- [[CI-CD-流水线]] ← integrates ← [[SCA]]
|
||
- [[SDLC]] ← embeds ← [[SCA]] |