Invicti SCA enables users to track and secure open-source components to reduce security risk.

February 28, 2022

3 Min Read


AUSTIN, TX – Feb. 28, 2022 – With headline-grabbing vulnerabilities such as Log4Shell drawing attention to the risks presented by open-source components, organizations increasingly need application security programs that address this risk. Today, Invicti Security™ announced its software composition analysis offering, purpose-built to support companies in tracking, scanning, and securing the open-source components within their applications.

With every company now a software company, developers are under more pressure than ever to rapidly release innovative features and functionality that help them maintain speed to market. Because of this, usage of open-source components has soared over the past half-decade. According to ESG, 80% of organizations report that more than a quarter of their codebases are dependent on open source.

However, according to the same research from ESG, less than half of organizations (48%) have specific security controls to scan for open-source vulnerabilities. Because open-source software has a distributed development model, it can inadvertently introduce significant vulnerabilities that in-house teams may miss.

Invicti SCA was developed to help teams mitigate open-source risks without impeding their pace of innovation. It does so by:

  • Detecting all open-source components and where they are in use across the entire application portfolio

  • Providing remediation guidance when a vulnerability is identified and identifying the most up-to-date version of the software to prevent vulnerabilities from being introduced into production

  • Blending DAST + IAST and SCA, test coverage is maximized in a single scan, enabling comprehensive analysis of the application’s security risk posture in a single pane of glass.

Invicti is the only company that offers DAST, IAST and SCA testing in one scan and provides consolidated results. With a shortage of security skills and the need to rapidly release new functionality, customers can integrate the Invicti platform into their CI/CD pipeline, ticketing systems, and other development tools once and get a comprehensive view of their application security risk before it goes into production.

“Open-source components have changed the game for software development and power many of the consumer and enterprise applications we rely on today,” said Invicti Chief Product Officer Sonali Shah. “Thanks to their growing ubiquity, they have also become increasingly attractive targets for threat actors. We’ve introduced SCA to the Invicti platform to help modern DevSecOps teams secure open-source software at the speed of innovation.”

Invicti SCA is now generally available for PHP, Node.js, Java, and .NET applications. For more information, please visit

About Invicti Security

Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations enable customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world. For more information, visit our website or follow us on LinkedIn.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights