Invicti Security Adds Software Composition Analysis to Its Industry-Leading AppSec Platform

AUSTIN, TX – February 28, 2022 – With headline-grabbing vulnerabilities such as Log4Shell drawing attention to the risks presented by open source components, organizations increasingly need application security programs that address this risk. Today, Invicti Security™ announced its software composition analysis offering, specifically designed to help companies track, analyze and secure open source components within their applications.

Since every business is now a software company, developers are under more pressure than ever to quickly launch innovative features and functionality that help them maintain speed to market. For this reason, the use of open source components has exploded over the last half-decade. According to an ESG study, 80% of organizations report that more than a quarter of their code bases depend on open source.

However, according to the same ESG study, less than half of organizations (48%) have specific security controls in place to check for open source vulnerabilities. Because open source software has a distributed development model, it can inadvertently introduce significant vulnerabilities that internal teams may miss.

Invicti SCA was developed to help teams mitigate open source risk without hampering their pace of innovation. It does this by:

  • Detecting all open source components and where they are used across the entire application portfolio
  • Providing remediation guidance when a vulnerability is identified and identifying the most recent version of software to prevent vulnerabilities from being introduced into production
  • Combining DAST + IAST and SCA to maximize test coverage in a single analysis, allowing a complete analysis of the application’s security risk posture in a single window

Invicti is the only company to offer DAST, IAST and SCA tests in a single analysis and to provide consolidated results. With a shortage of security skills and the need to quickly release new features, customers can integrate the Invicti platform into their CI/CD pipeline, ticketing systems and other development tools once and get a full view of their application’s security risk before it goes into production.

“Open source components have been a game changer for software development and power many of the consumer and enterprise applications we rely on today,” said Sonali Shah, product manager at Invicti. “Thanks to their increasing ubiquity, they have also become increasingly attractive targets for threat actors. We introduced SCA to the Invicti platform to help modern DevSecOps teams secure open source software at the speed of innovation.”

Invicti SCA is now generally available for PHP, Node.js, Java, and .NET applications. For more information, please visit

About Invicti Security

Invicti Security transforms the way web applications are secured. An AppSec leader for over 15 years, Invicti enables organizations across all industries to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations allow customers to achieve broad coverage of thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes worldwide. For more information visit our website or follow us on LinkedIn.