Building Your Own SCA Tool: Lessons from Tej
null Hyderabad Meet 29 March 2025 Monthly Meet
Abstract
Software Composition Analysis (SCA) is crucial for securing dependencies, but existing tools often have limitations in accuracy, false positives, or ecosystem support. In this talk, we explore the core components of an SCA tool and walk through the journey of building Tej, an open-source SCA scanner for Node.js that integrates OpenSSF Scorecard and CVE detection. Attendees will learn about the challenges in SCA, how to design efficient scanners, and how to improve vulnerability detection beyond traditional tooling.
Speaker
Timing
Starts on Saturday, March 29, 2025, at 11:15 AM. The session runs for about 1 hour.