Software Composition Analysis (SCA) Node

This document is for:
Invicti Standard, Invicti Enterprise On-Demand

The Software Composition Analysis Node lists all third-party components detected by Invicti Shark (IAST) in your web application.

  • As Invicti Shark (IAST) has access to information about installed software packages, it can immediately identify all third-party components that you use for your web application.
  • During the scan, Invicti identifies these components in your web application and lists them in the Knowledge Base panel.
  • Security and technical personnel can then refer to the list to make sure that all third-party components are up to date and have no known vulnerabilities.

Once the scan is completed, all components are listed under the Software Composition Analysis node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.

Running the Software Composition Analysis? See Software Composition Analysis with Invicti Shark (IAST).

Invicti creates Knowledge Base nodes based on its findings. If the Software Composition Analysis (SCA) node is not listed, Invicti Shark (IAST) did not detect any third-party components.

How to view the Software Composition Analysis (SCA) Node in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Scans > Recent Scans.
  3. Next to the relevant website, select Report.
  4. Scroll down to the Technical Report section and select the Knowledge Base tab.
  5. Select the Software Composition Analysis (SCA) node. The information is displayed in the Software Composition Analysis (SCA) tab.

How to view the Software Composition Analysis (SCA) Node in Invicti Standard
  1. Open Invicti Standard.
  2. Start a Scan or open a previously saved scan.
  3. The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, select the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
  4. Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
  5. Select the Software Composition Analysis (SCA) node in the Knowledge Base. All detected third-party components are displayed in the Knowledge Base Viewer.

Invicti highlights all out-of-date and vulnerable components in red. It provides the package name, its version, and its vulnerabilities.