SCA workflow
Overview of steps for Software Composition Analysis scanning.
The general steps for performing SCA scanning are as follows. Additional steps may be required to meet your scanning goals.
Note: Users must be assigned an appropriate role to perform SCA scanning. If you are unsure whether your user role has appropriate permissions, consult your organization's ASoC Administrator.
1. Create an application.
2. Decide which mechanism you will use to prepare files for scanning and set it up accordingly:
   - Static Analyzer Command Line Utility
   - AppScan Go!
   - a supported plugin
3. Generate an IRX using your preferred method.
4. Create and configure a scan.
5. Review scan preferences.
6. Run the scan.
7. Review results.
8. Triage and remediate issues.
9. Repeat steps three through eight as needed.