Software Composition Analysis

With the software composition analysis (SwCA) feature, you get real-time visibility into deeply embedded open-source software packages and commercial software components, such as Log4j and OpenSSL, by leveraging the Qualys Cloud Agent.

You can schedule a SwCA scan or launch the scan on demand on agent assets to bring software component data to the Qualys platform. SwCA is supported only on Windows and Linux platforms and can be activated only when VM is activated for the agent.

Currently, software component data can be detected for the following software technologies: Ruby, Node.js, Go, Rust, PHP, Python, and Java Platform, Standard Edition (Java SE).

To enable the SwCA feature, you must activate the SwCA module on one or more agent hosts and then configure the SwCA scan settings. For more information, see Qualys Cloud Platform Release Notes.

SwCA activated for assets:


You can view SwCA details on the Asset Details > Security > Software Composition tab. For more information, see SwCA details.