Citation bot (talk | contribs) Removed URL that duplicated identifier. | Use this bot. Report bugs. | Suggested by Dominic3203 | Category:computers | #UCB_Category 19/31
move lead sentence to top, following Wikipedia house style
Line 2:
{{Short description|Software Composition Analysis}}
'''Software composition analysis''' (SCA) is a practice in the fields of Information technology and software engineering for analyzing custom-built software applications to detect embedded open-source software and detect if they are up-to-date, contain security flaws, or have licensing requirements.<ref>▼
{{Cite journal▼
|last1=Prana|first1=Gede Artha Azriadi▼
|last2=Sharma|first2=Abhishek▼
|last3=Shar|first3=Lwin Khin▼
|last4=Foo|first4=Darius▼
|last5=Santosa|first5=Andrew E▼
|last6=Sharma|first6=Asankhaya▼
|last7=Lo|first7=David▼
|date=July 2021▼
|title= Out of sight, out of mind? How vulnerable dependencies affect open-source projects▼
|journal=Empirical Software Engineering▼
|volume=26▼
|issue=4▼
|pages=1–34▼
|publisher=Springer▼
|doi=10.1007/s10664-021-09959-3▼
|s2cid=197679660▼
|url=https://ink.library.smu.edu.sg/sis_research/6048▼
}}</ref>▼
==Background==
It is a common software engineering practice to develop software by using different components.<ref>
{{Cite journal
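Review bot: The relocated lead sentence directly under the short description still capitalizes "Information technology" mid-sentence and repeats "detect" ("to detect embedded open-source software and detect if they are up-to-date"), with "they" referring to the singular "software". Since this edit is a house-style pass, lowercase it to "information technology" and reword along the lines of "to detect embedded open-source software and determine whether it is up to date, contains security flaws, or has licensing requirements". The short description above it only restates the article title, so it could be changed in the same edit to say what SCA does.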
Line 83 ⟶ 105:
SCA strives to detect all the 3rd party components in use within a software application to help reduce risks associated with security vulnerabilities, IP licensing requirements, and obsolescence of components being used.
==Principle of operation==
▲'''Software composition analysis''' (SCA) is a practice in the fields of Information technology and software engineering for analyzing custom-built software applications to detect embedded open-source software and detect if they are up-to-date, contain security flaws, or have licensing requirements.<ref>
▲{{Cite journal
▲|last1=Prana|first1=Gede Artha Azriadi
▲|last2=Sharma|first2=Abhishek
▲|last3=Shar|first3=Lwin Khin
▲|last4=Foo|first4=Darius
▲|last5=Santosa|first5=Andrew E
▲|last6=Sharma|first6=Asankhaya
▲|last7=Lo|first7=David
▲|date=July 2021
▲|title= Out of sight, out of mind? How vulnerable dependencies affect open-source projects
▲|journal=Empirical Software Engineering
▲|volume=26
▲|issue=4
▲|pages=1–34
▲|publisher=Springer
▲|doi=10.1007/s10664-021-09959-3
▲|s2cid=197679660
▲|url=https://ink.library.smu.edu.sg/sis_research/6048
▲}}</ref>
SCA products typically work as follows:<ref>
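Review bot: With the definition moved out from under "Principle of operation", the last Background sentence ("SCA strives to detect all the 3rd party components in use ...") now repeats most of the lead: both list security vulnerabilities, licensing requirements and out-of-date components. Consider trimming that sentence to what Background adds beyond the lead, and writing "3rd party" as "third-party" while touching it. The section itself now opens cleanly with "SCA products typically work as follows:", so no further change is needed there.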