DerSecur Software Composition Analysis (SCA) is a tool designed to identify and manage risks associated with open-source components and software supply chains. The platform generates Software Bill of Materials (SBOMs) automatically by analyzing uploaded projects, eliminating the need for external SBOM generation tools. The tool provides visibility into third-party components and dependencies through a Dependency Tree Graph that visualizes direct and transitive dependencies, helping identify where vulnerable packages are located within project structures. It tracks open-source packages used across projects and identifies vulnerabilities in third-party components. DerSecur SCA includes a package health scoring system that assesses the security and reliability of open-source projects by combining multiple factors into a single metric. The platform evaluates license compliance of open-source packages to help mitigate legal risks related to licensing. The tool employs a hybrid SCA+SAST analysis approach that combines Software Composition Analysis with Static Application Security Testing to perform vulnerability reachability analysis. This method identifies exploitable CVEs and pinpoints risky method calls to determine actual security risks. DerSecur SCA uses PURL (Package URL) package naming for vulnerability identification and aggregates data from multiple sources including GitHub, GitLab, Google OSV, EPSS, and NIST NVD. The platform provides risk-based prioritization through data-driven health scores to help teams make informed decisions about component usage and remediation efforts.