Per Gartner, “Growing risks and ubiquitous use of open-source software in development make software composition analysis essential to application security. Security and risk management leaders must expand the scope of tools to include detection of malicious code, operational and supply chain risks.”
Everything You Need to Know About the SCA Market Is in This Guide.
- Software composition analysis (SCA) products analyze homegrown applications during the development process to detect embedded open-source software (OSS) and, sometimes, commercial off-the-shelf components.
- Gartner estimates fewer than 50% of organizations have adopted SCA tools, although adoption will continue to increase steadily, given new market drivers.
- Some of the key drivers for adopting SCA are requirements for software bill of materials (SBOM) and enhanced OSS governance.
- Gartner recommends selecting an SCA vendor based on their technology coverage — the languages, frameworks, and open source ecosystems to be evaluated.
- Evaluation criteria should also include the vendor’s ability to aid in the identification of potential remediation or mitigation steps.
Gartner Market Guide for Software Composition Analysis, Dale Gardner, Joerg Fritsch, 14th September 2021.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.