# Open Source Libraries Scan (SCA)

{% embed url="<https://youtu.be/zcvgQsCkSs0>" %}

### Starting Scan

We can start an online scan by clicking the **SCAN** button at the top right.

<figure><img src="https://lh6.googleusercontent.com/sF-IDM1q2a_FTcpYxw96oFPb4NET-L5ra-g_ZXRHfyAPQ9wY5Mt61evfSUuvCyr5716DR6_heUh0wgse7kNJLj4Y02-nqwiMRagwbtpxErEvXLjKujJikpvgMDFhTKytITYn6TiDFulljUL9p3tiGA01tikXmpfHiA9BkiUtfUD4umvXulqsEnVyPQ" alt=""><figcaption></figcaption></figure>

We choose GitHub for this example.

Once you have clicked it, get a repo to scan. For demonstration purposes we take **Vulnado**.

<figure><img src="https://lh4.googleusercontent.com/4sSjKi0y9xjBnbJgzbSx_-zx_Kybl0sOHbEwHs0S2OssbR1EpE9HC-WwAsN3DnBn9sm7WOqQFziQTDwlFaCKi-_IxDC-T6--1tl1SSJwGrfXwMrMvqTdI9ZnjoMTUP9p2Wm0n-aTsfsu9HD_Rt5xliNx9lZ6AC1qVwiBfRhbzxRi3Zkl2UhyQjb2ZA" alt=""><figcaption></figcaption></figure>

We clone the repo and paste it like this:

<figure><img src="https://lh6.googleusercontent.com/LyM0PZXOunevJ4_I5SJ2on5PH5_65L9-DpAQnGkNkM49yLLFhyTQVk-26Yt4R-6FKc38STvcISpE463zTHF1rxcQ4tBAQc03GPwXW9LgW1d0KDY2iprP6_da4KxYQs1k2YUJweHRIBC9GbUwEs-fd1_TAOANUxcDukEfvw-c4AfYVPsTF3mpFdSRyA" alt=""><figcaption></figcaption></figure>

Hit the green plus sign and scan.

<figure><img src="https://lh6.googleusercontent.com/yMtUjPqFM2U7JnbuLsGaSs-rZiNl2rqrAmmizALSj083HceEBm4xmjpZyYnkaPdLEoE42Y2nRDfHzSTaXXlHp7xUNyjA6HbCmzaLsRA0dAEKnoLCHWDIKYDeRqH-2_fh6Prihov6KIRWSOdfR3lR-fUhCY27qp2b-7-TQNTfr5QUYgcxdzgqe7uo-Q" alt=""><figcaption></figcaption></figure>

The scan will start.

<figure><img src="https://lh3.googleusercontent.com/2fpF5rif5jxsUCfCNZ8wiRIEgmUPpiwK4R2bMntDzbFMvVbsVYKLX5E1-yhWu0JSaeOmSaQ3iruQHAQh1Wvii7l_Ihkbma3OWzKnd_N1bUQuGeVQlElNndJBcf47wlWIGQ3Z4BlVCyKSltKauzxJUlPrC8DQzm6z_QQCdZDT4P2slTMeiObUGzTQFw" alt=""><figcaption></figcaption></figure>

Once the online scan finishes, we get a result like the following:

<figure><img src="https://lh6.googleusercontent.com/YpBd2CC37FNaab15MyHc1FpGLeTQf9aLSmufUSfX5vmVrIrmFELxGkNd3MoOcTpl11k3xzN5HkosYxgwQwt5eLt3vqPakIPfSdN8PKqFQS7M24ntxhOClPH-qpX2iwyfPfrvUgh3lOawLAebDv-OnHTuPjUTgnAwwq9W6TRsadIJf58WWTZJ02myLg" alt=""><figcaption></figcaption></figure>

The picture above shows that we scanned a project named “vulnado-test”, which has our pom.xml (SCA JAVA) and other scans. Let’s dive into that.

Once you click on it, you will be redirected to a page like the following:

<figure><img src="/files/pp9kFe8W8r2CyfkFhvHu" alt=""><figcaption></figcaption></figure>

This page contains the following information about your SAST scan:

1. **Project Scanned**: The name of our current project. In this case, vulnado-test.
2. **Scan Date**: The date and time at which the scan was performed.
3. **User’s Email**: The email address of the user who performed this scan.
4. **RuleId**: The rule from our set of backend rules that matched.
5. **Vulnerable Dependency**: The vulnerable dependencies, with their exact versions.
6. **Description of CVE**: More information about the vulnerability that the dependency has.
7. **Patch**: How to fix the issue.
8. **Filter Severity**: Filters your results based on criticality.

Once the SCA scan is done, we can patch the vulnerable dependencies directly from the UI if Source Control (GitHub/GitLab/Bitbucket) is configured and you know that repo.


