A development team suspects that a widely used third-party library in their web-based system may include a flaw. Which scanning approach identifies hidden issues in the external library?
Analyzing external components using a software composition tool
Capturing responses through a web crawler
Profiling runtime behavior with an interactive agent
Software composition analysis compares libraries and their versions against publicly accessible vulnerability lists. This method focuses on external components, helping discover if a particular library release includes a flaw. Methods like crawling web pages, analyzing code syntax, and studying application behavior focus differently, so they fall short in detecting library-specific flaws.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Software Composition Analysis (SCA)?
Open an interactive chat with Bash
Why are third-party libraries a potential security risk?