
# SCA (Software Composition Analysis)

CodeThreat SCA is designed to give teams an in-depth understanding of their project's dependencies. Our new information panel provides a transparent overview of open-source components, their licenses, and associated vulnerabilities, directly within your workflow.


* **Identify Issues Quickly:** Understand the specific vulnerabilities of third-party components in your code.
* **Actionable Solutions:** Receive clear guidance on resolving identified issues and keeping your dependencies secure.
* **SAST Issue Correlation:** See how SAST findings are related to third-party components, providing a holistic view of your project's security.

**Intelligent Fix Recommendations:** Our tool goes beyond the surface, providing the most effective version upgrades for a fix — not just the latest, but the best fit for your project.

For each vulnerable component, the panel shows:

* The library or component with a known vulnerability.
* The severity of the vulnerability, categorized as Critical, High, Medium, or Low.
* The specific version of the component that is affected.
* The location where the affected component is found within the project's file structure.
* The recommended version to which the component should be updated to mitigate the vulnerability.
* A description of the vulnerability which often includes technical details of the issue.
* References to the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) for more information.
* Metadata such as the date when the vulnerability was published and last modified.

