SCA Remediation Guidance

Software Composition Analysis

The following guidelines can help you lower your application risk in Software Composition Analysis.

  • Download the latest version or the least-vulnerable version of the component.
    Note: The latest version of the component is not always the least vulnerable.
  • Replace the vulnerable component with a different component with similar functionality.
  • Use environmental controls to suppress application risk. If you are using the vulnerable portion of the component, try a workaround.
  • Mitigate the functionality of the vulnerability in the component.
  • Build your own secure component.
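
To illustrate the first guideline and its note, the following added example (not part of the original guidance or of any vendor tool) ranks candidate releases of a component by the known vulnerabilities that affect each one. The advisory IDs, scores, version ranges and release list are constructed sample data, and the helper names are hypothetical. It assumes plain dotted numeric versions and a single release line, so a fix in one version also covers every later version.

```python
# Constructed sample data: IDs, CVSS scores and version ranges are made up.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "cvss": 9.8, "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-0002", "cvss": 5.3, "introduced": "1.2.0", "fixed": "1.5.0"},
    # Introduced in the 2.x line and not yet fixed.
    {"id": "EXAMPLE-0003", "cvss": 7.5, "introduced": "2.0.0", "fixed": None},
]
RELEASES = ["1.3.0", "1.4.2", "1.5.0", "1.5.1", "2.0.0", "2.1.0"]


def parse(version):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def affects(advisory, version):
    """True if version lies in [introduced, fixed); no fix means open-ended."""
    v = parse(version)
    if v < parse(advisory["introduced"]):
        return False
    return advisory["fixed"] is None or v < parse(advisory["fixed"])


def risk(version):
    """Return (highest CVSS, number of advisories) affecting this version."""
    hits = [a for a in ADVISORIES if affects(a, version)]
    return (max((a["cvss"] for a in hits), default=0.0), len(hits))


def latest(releases):
    return max(releases, key=parse)


def least_vulnerable(releases):
    """Lowest risk first; among equally safe releases prefer the newest."""
    return min(releases, key=lambda r: (risk(r), tuple(-p for p in parse(r))))


if __name__ == "__main__":
    for release in RELEASES:
        worst, count = risk(release)
        print(f"{release}: {count} advisories, highest CVSS {worst}")
    print("latest:", latest(RELEASES))
    print("least vulnerable:", least_vulnerable(RELEASES))
```

With this sample data the latest release is still affected by an unfixed advisory, while an older release has none, which is the case the note describes.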