The Software Composition Analysis Node lists all third-party components detected by Netsparker Shark (IAST) in your web application.
- As Netsparker Shark (IAST) has access to information about installed software packages, it can immediately identify all third-party components that you use for your web application.
- During the scan, Netsparker identifies these components in your web application and lists them in the Knowledge Base panel.
- So, security and technical personnel can refer to the list to make sure that all third-party components are up to date and have no known vulnerabilities.
Once the scan is completed, all components are listed under the Software Composition Analysis node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Netsparker forms Knowledge Base nodes on its findings. If the Software Composition Analysis (SCA) node is not listed, it means that Netsparker Shark (IAST) did not detect any third-party components.
How to view the Software Composition Analysis (SCA) Node in Netsparker Standard
- Open Netsparker Standard
- Start a Scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, select the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Select the Software Composition Analysis (SCA) node in the Knowledge Base. All detected third-party components are displayed in the Knowledge Base Viewer.
Netsparker highlights all out-of-date and vulnerable components in red. It provides the package name, its version, and its vulnerabilities.