Software Composition Analysis
SCA tools inventory the open source libraries and other third-party components inside an application, then flag known vulnerabilities and license risks in those dependencies. Since most modern codebases are largely made of open source, a single outdated library can expose the whole app, as incidents like Log4Shell showed. SCA typically runs in CI on every build so risky dependencies are caught before release.