SCA Tool makes it easy to watch over the open source code in your products. For each dependency you declare, SCA Tool watches the available vulnerability databases and as soon as a vulnerability becomes known, will alert you to the potential problem.
Related: Concerns about supply chain security are everywhere.
For this, SCA Tool analyses the full dependency graph and identifies each library your are using and checks it against the vulnerability databases. SCA Tool then analyses the severity of the problem (the attack surface) and recommends specific action based on the analysis.