Labrador SCA (Software Composition Analysis) is a tool developed by Labrador Labs that automates the detection of open source software (OSS) vulnerabilities and license risks across source code, binaries, and container software. Analysis Targets: - Source code - Binary files - Container software How It Works: - Step 1 (Input): Software is submitted via cloud or on-premise services through source code, ZIP file, or CLI for scanning by the Labrador Scanner. - Step 2 (Detect): The Labrador Engine extracts component information to generate an accurate SBOM. Using patented CENTRIS and VUDDY technologies, vulnerabilities and license violations are detected with up to 93% accuracy. - Step 3 (Correct): Vulnerabilities and license issues are addressed through an Organization Policy Management system, supporting patch backporting and license management. Key Capabilities: - 3-layer analysis at component, file, and function levels using patented VUDDY technology - Zero-day vulnerability detection via patented XVDB technology - AI-assisted verification for vulnerability and license detection - Labrador Patch Priority (LPP) system for severity-based patch prioritization and pinpoint patch backporting - SBOM generation in SPDX and CycloneDX international standard formats - Organization-level customizable vulnerability management policies - Open source governance and license compliance management with automated policy document generation - Supports 150+ programming languages, 10+ package managers, and 10+ CI/CD tools - Available as SaaS or on-premise (including a dedicated Labrador Appliance hardware device) - Analysis input methods include CLI, repository URL, and ZIP upload - Integration with SDLC and CI/CD pipelines