SCA scan results

Features available in SCA scan results.

When you use the Software Composition Analysis (SCA) functionality of the AppScan on Cloud service, you can generate security analysis reports that make use of Intelligent Code Analytics (ICA). ICA automatically discovers new application programming interfaces (APIs) and assesses them for security impact. Through ICA, all third-party APIs and frameworks are reviewed and assigned the appropriate security impact, which produces more complete scan results. To learn more about ICA, see this article.

Note: ICA is currently only applied when scanning Java, C/C++, .NET, and PHP.

SCA assessments list findings by fix group. A fix group represents the most common node that the grouped findings flow through. Typically, implementing a fix at the fix group achieves the greatest effect for the least work. A fix group can also be considered a logical grouping point at which related findings can be reviewed together. Note that a fix group is not necessarily the exact place where a fix should be applied: future refactoring, coding practices, and other factors might preclude using the fix group location for the fix.

Note: Each fix group displays a maximum of 100 findings per vulnerability type.
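The following Python script is added here as an illustration of the fix-group concept described above; it is not part of AppScan on Cloud or its documentation, and the product's actual grouping algorithm is not described on this page. It models each finding as a vulnerability type plus an ordered data-flow trace, greedily picks the trace node shared by the most remaining findings as the next fix group, and caps what a group displays at a configurable number of findings per vulnerability type (defaulting to 100, matching the note). The sample findings, the trace node names, and the greedy "most shared node" selection rule are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    finding_id: str
    vuln_type: str
    trace: tuple  # ordered code locations the tainted value flows through (source -> sink)


@dataclass
class FixGroup:
    node: str                # the shared trace node the group is keyed on
    finding_count: int       # how many findings flow through that node
    shown: dict = field(default_factory=dict)   # vuln_type -> finding ids displayed
    hidden: dict = field(default_factory=dict)  # vuln_type -> findings not displayed (cap)


# Constructed sample findings (assumed names, not real scan output).
SAMPLE_FINDINGS = [
    Finding("F1", "SQLi", ("Controller.getParam", "Service.build", "Dao.execQuery")),
    Finding("F2", "SQLi", ("Controller.getHeader", "Service.build", "Dao.execQuery")),
    Finding("F3", "XSS", ("Controller.getParam", "Service.build", "View.render")),
    Finding("F4", "PathTraversal", ("Upload.getName", "FileUtil.open")),
    Finding("F5", "PathTraversal", ("Upload.getPath", "FileUtil.open")),
]


def most_common_node(findings):
    """Return the trace node that the largest number of findings pass through.

    Each node is counted once per finding, so a loop in a single trace cannot
    inflate its weight. Ties break alphabetically for deterministic output.
    """
    counts = Counter()
    for f in findings:
        counts.update(set(f.trace))
    return min(counts, key=lambda n: (-counts[n], n))


def group_by_fix_group(findings, max_per_type=100):
    """Greedy fix-group assignment.

    Repeatedly pick the most shared node among the remaining findings, move every
    finding that flows through it into one FixGroup, and stop when nothing is left.
    Within a group, at most `max_per_type` findings per vulnerability type are
    listed; the remainder is reported as a hidden count rather than dropped silently.
    """
    remaining = list(findings)
    groups = []
    while remaining:
        node = most_common_node(remaining)
        members = [f for f in remaining if node in f.trace]
        remaining = [f for f in remaining if node not in f.trace]

        group = FixGroup(node=node, finding_count=len(members))
        by_type = defaultdict(list)
        for f in members:
            by_type[f.vuln_type].append(f.finding_id)
        for vuln_type, ids in by_type.items():
            group.shown[vuln_type] = ids[:max_per_type]
            group.hidden[vuln_type] = max(0, len(ids) - max_per_type)
        groups.append(group)
    return groups


if __name__ == "__main__":
    for g in group_by_fix_group(SAMPLE_FINDINGS):
        print(f"Fix group at {g.node}: {g.finding_count} finding(s)")
        for vuln_type, ids in g.shown.items():
            extra = f" (+{g.hidden[vuln_type]} not displayed)" if g.hidden[vuln_type] else ""
            print(f"  {vuln_type}: {', '.join(ids)}{extra}")
```

Running the script on the sample data yields two fix groups: one keyed on `Service.build`, which three findings of two vulnerability types share, and one keyed on `FileUtil.open` for the two path-traversal findings. Lowering `max_per_type` shows how the display cap hides findings without changing the group's total count, which is why the hidden count is tracked separately.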