Software Composition Analysis

With the software composition analysis (SwCA) feature, cloud agents discover and report software components and vulnerabilities associated with third-party or open-source dependent software used by Qualys applications.

You can schedule a SwCA scan or launch the scan on demand on agent assets to bring software component data to the Qualys platform. SwCA is supported only for Windows and Linux Platforms and can be activated only when the VM is activated for the agent.

Currently, the following software technologies are supported to detect software component data: Ruby, Node.js, Go, Rust, PHP, Python, Java Platform, and Standard Edition (Java SE).

To enable the SwCA feature, you must activate the SwCA module on a single or multiple agent hosts and then configure the SwCA Scan settings. For more information, see Qualys Cloud Platform Release Notes.

SwCA activated for assets:

SwCA activated for assets.

You can see detailed SwCA details from the Asset Details > Security > Software Composition tab. For more information, see SwCA details.