Composition Analysis | VA Software Assurance

Skip to main content

VA Software Assurance

Home
Fortify
CodeQL
- CodeQL Usage
- CodeQL Errors
Snyk
- Snyk Usage
- Snyk Errors
Threat Modeling

This site uses Just the Docs, a documentation theme for Jekyll.

Fortify
Composition Analysis

These technical notes provide information on composition analysis:

Table of contents

Can my JavaScript dependencies be delivered bundled with webpack?
How do I audit findings in the Software Composition Analysis Report?
How do I resolve libraries not delivered?
How do I resolve the "Unable to determine Package-URL identifiers..." warning
How do I resolve transitive dependencies?
How do I scan my application with OWASP Dependency-Check on the command line?
Why do the results from running Dependency Check look different than the report I received?

GitHub at VA (part of VA OIT)
All content is available under Creative Commons Zero v1.0 Universal, except where otherwise stated.