A development team suspects that a widely used third-party library in their web-based system may include a flaw. Which scanning approach identifies hidden issues in the external library?
Capturing responses through a web crawler
Examining syntax with a static code approach
Profiling runtime behavior with an interactive agent
Analyzing external components using a software composition tool
Software composition analysis compares libraries and their versions against publicly accessible vulnerability lists. This method focuses on external components, helping discover whether a particular library release includes a flaw. Methods like crawling web pages, analyzing code syntax, and studying application behavior have a different focus, so they fall short in detecting library-specific flaws.