Date: 2026-01-01

Black Duck: Black Duck SCA Description

Black Duck SCA is a software composition analysis tool that identifies and manages security, quality, and license compliance risks in open source and third-party code. The product uses multiple scan technologies to detect dependencies across different formats and stages of development.

The tool performs dependency analysis to identify direct and transitive dependencies declared by package managers. Binary analysis detects dependencies in post-build artifacts without requiring access to source code. Codeprint analysis identifies AI models and dependencies in source files and directories, even when not declared by package managers. Snippet analysis matches code snippets, including AI-generated code, back to their original open source projects.

Black Duck SCA scans software, source code, artifacts, containers, and firmware to provide visibility into open source components. The product includes Black Duck Security Advisories to help teams identify vulnerabilities, assess risk, and drive remediation efforts.

The tool integrates across the software development lifecycle, allowing teams to define open source policies and enforce them automatically at every development stage. It supports developers during code development, enables DevOps teams to automate scans within CI pipelines, and allows security teams to inspect components before deployment and receive security alerts afterward. Black Duck SCA generates Software Bills of Materials (SBOMs) to help organizations meet industry and customer requirements for secure development standards.