How to Run SCA Scan

Modified on Tue, 4 Jun, 2024 at 9:57 PM


Introduction


Software Composition Analysis (SCA) helps detect security vulnerabilities by analyzing the components and dependencies within your application. This guide details how to initiate and complete an SCA scan using version control platforms like GitHub, GitLab, and Bitbucket.


Prerequisites:


  1. You should be signed in to CloudDefense.ai. If not, please refer to our guide on creating a CloudDefense.ai account.

  2. Access to a repository, on a version control platform, that you wish to scan. Ensure you have administrative privileges to configure scans.


Step 1: Click “Applications” on the navbar.

Step 2: Click the green “SCAN” button on the left side of the page and choose a version control platform. Here we will choose “GitHub” to proceed.





Scan Public Repositories:


Step 1: Add Repositories


Follow these steps:


  1. Input the URL of the repository or repositories you want to scan.
  2. Press “Enter” on the keyboard.
  3. Click “Select branch” and select the branches to scan from the list that appears.
  4. Press the green Scan repo button to begin scanning the selected repositories.


Step 2: Identify the SCA scan report




Step 3: Review the Results


Once your scan is complete, the interface will display a summary of the findings. To delve deeper into the specific vulnerabilities identified during the scan, click on the name of your project (e.g., "vulnado-test"). This action will take you to a detailed overview of each finding.


For a comprehensive understanding of your SAST scan results, please visit the Results page.


To learn how to scan private repositories, please visit here.
