Developers Need Smarter SCA Tools to Fight Software Supply Chain Attacks
Too Long; Didn't Read
Software composition analysis (SCA) tools render too many false positives. SCA based on code matching will only find components integrated into a software stack without modification. Pattern recognition and intelligent analysis is needed for components that have been modified in irregular ways. The Apona platform claims to utilize intelligent pattern recognition and deep scanning across file, component, and function levels, detecting OSS with near 100% accuracy.