Skip to content

Software Composition Analysis (SCA)


Software Composition Analysis (SCA) is a crucial tool for strengthening software applications against vulnerabilities originating from third-party dependencies. BoostSecurity integrates advanced SCA capabilities to empower development and security teams to comprehensively manage and secure the components and libraries utilized within their applications.

BoostSecrity provides the following SCA tools for use in your organizations:

Scanner registry_module name Pull Request Flow Configuration Description
Snyk boostsecurityio/snyk-test yes - The Snyk module scans the project package dependencies for vulnerabilities, using the snyk Command Line Interface (CLI) tool with command test for SCA.
Bundler Audit boostsecurityio/bundler-audit yes GEMFILE_LOCK The bundler audit module scans the Ruby project's dependencies for vulnerabilities using the bundler-audit scanner. The optional environment variable GEMFILE_LOCK can be set to check a custom Gemfile.lock file
NPM Audit boostsecurityio/npm-audit yes NPM_AUDIT_ARGS The npm audit module scans the Nodejs project's dependencies for vulnerabilities, using the npm audit scanner. The optional environment variable NPM_AUDIT_ARGS can be set for npm audit options.
Safety boostsecurityio/safety yes - The Safety module scans the Python project's dependencies for vulnerabilities using the safety scanner.
Nancy boostsecurityio/nancy yes NANCY_ARGS, GOPKG_LOCK, GO_LIST_PATH The Nancy module scans the GoLang project's dependencies for vulnerabilities using the Nancy scanner. The optional environment variables can be set: NANCY_ARGS enables to set the Nancy scanner arguments; GOPKG_LOCK can set the GoLang package lock file with a default value of Gopkg.lock; GO_LIST_PATH the path where the list of modules is located, the default value is .nancy-go-list.json