[{"data":1,"prerenderedAt":112},["ShallowReactive",2],{"glossary-page-\u002Fglossary\u002Fsoftware-composition-analysis":3},{"id":4,"title":5,"body":6,"description":100,"extension":101,"meta":102,"navigation":107,"path":108,"seo":109,"stem":110,"__hash__":111},"docs\u002Fglossary\u002Fsoftware-composition-analysis.md","Software Composition Analysis",{"type":7,"value":8,"toc":92},"minimark",[9,15,20,27,31,34,60,64,67,71],[10,11,12],"glossary-title",{},[13,14,5],"p",{},[16,17,19],"h2",{"id":18},"what-is-software-composition-analysis","What Is Software Composition Analysis?",[13,21,22,26],{},[23,24,25],"strong",{},"Software Composition Analysis (SCA)"," is the practice of identifying and monitoring open-source components and their security, compliance, or license risks.",[16,28,30],{"id":29},"why-software-composition-analysis-matters","Why Software Composition Analysis Matters",[13,32,33],{},"SCA helps teams:",[35,36,37,44,49,54],"ul",{},[38,39,40,43],"li",{},[23,41,42],{},"understand dependency risk",",",[38,45,46,43],{},[23,47,48],{},"find vulnerable packages",[38,50,51,43],{},[23,52,53],{},"improve supply chain visibility",[38,55,56,59],{},[23,57,58],{},"support governance and compliance decisions",".",[16,61,63],{"id":62},"how-oobeya-uses-software-composition-analysis-context","How Oobeya Uses Software Composition Analysis Context",[13,65,66],{},"In Oobeya, SCA-related signals are valuable when engineering leaders want a broader view of quality and risk beyond pure delivery speed.",[16,68,70],{"id":69},"related-terms","Related Terms",[35,72,73,80,86],{},[38,74,75],{},[76,77,79],"a",{"href":78},"\u002Fglossary\u002Fsbom","SBOM",[38,81,82],{},[76,83,85],{"href":84},"\u002Fglossary\u002Fdevsecops","DevSecOps",[38,87,88],{},[76,89,91],{"href":90},"\u002Fglossary\u002Fstatic-application-security-testing","Static Application Security Testing",{"title":93,"searchDepth":94,"depth":94,"links":95},"",2,[96,97,98,99],{"id":18,"depth":94,"text":19},{"id":29,"depth":94,"text":30},{"id":62,"depth":94,"text":63},{"id":69,"depth":94,"text":70},"Software Composition Analysis (SCA) is the practice of identifying and monitoring open-source components and their security or license risks.","md",{"category":103,"tags":104},"S",[105,85,106],"Security","Concept",true,"\u002Fglossary\u002Fsoftware-composition-analysis",{"title":5,"description":100},"glossary\u002Fsoftware-composition-analysis","1XlTRH0b908a1GkTW3YnwWeFLDhx87h9DtZ1IAxa1xw",1776167601016]