SCA scan results
Features available in SCA scan results.
When you use the Software Composition Analysis (SCA) functionality of the AppScan on Cloud service, you can generate security analysis reports that make use of Intelligent Code Analytics (ICA). ICA automatically discovers new application programming interfaces (API) and assesses them for security impact. Through ICA, all third-party API and frameworks are reviewed and assigned the right security impact. This allows for more complete scan results. To learn more about ICA, see this article.
SCA assessments list findings by fix group. A fix group represents the most common node that grouped findings flow through. Typically, if a fix is implemented for a fix group, you can achieve the greatest effect for less work. A fix group can also be considered a logical grouping point wherein related findings can be reviewed at the same time. Note that a fix group may not be the exact place at which a fix should be placed. Future refactoring, code practices, and other factors might preclude using the fix group location for a fix.