What is SCA in the Repo
What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a repository, it is looking for known vulnerabilities in the software components that are included in the repository. If the SCA tool finds a vulnerability, it will report the vulnerability to the organization that owns the repository. The organization can then take steps to fix the vulnerability or to mitigate the risk posed by the vulnerability.