Skip to content


Scanning identifies security and compliance issues by performing analysis on static artifacts. These issues can include aspects like software license compliance on third party dependencies, software component vulnerabilities, misconfigurations, and/or credentials baked into source code.

Scanning is a stand-alone capability but can also contribute to enabling the Software Composition Analysis capability.



Scanning can be used to identify the following types of security issues:

  • Vulnerabilities - identify known Common Vulnerabilities and Exposures (CVEs) in software components
  • Credential - detect embedded secrets, passwords, and/or credentials in code, or secrets output to logs
  • Code - identify susceptibility to attacks like SQL injection, cross-site scripting, and remote code execution


Scanning can be used to identify the following types of compliance issues:

  • License - identify potential compliance issues or organization policy violations surrounding third-party and open-source software components



Learn More