
SCA Reachability

NOTE: This cluster of SCA Reachability articles is for customers using Mend.io’s Core application. Customers on the new Mend Platform should refer to the Mend Platform SCA Reachability articles.

General

SCA Reachability is designed to help security champions and developers significantly reduce the number of security vulnerabilities they must address. By focusing solely on vulnerabilities that are actually reachable, this feature streamlines prioritization and directs your efforts where they matter most.

At its core, the Reachability Algorithm is engineered to assess whether a given vulnerability associated with an open-source library is reachable within the application's source code.

Navigate the Documentation

The following articles will help you learn more about Mend’s SCA Reachability, how to set it up and how to consume its results:

  1. SCA Reachability Scope

  2. SCA Reachability vs. Prioritize

  3. SCA Reachability - Technical Requirements & Limitations

  4. SCA Reachability in the Mend CLI

  5. Configure SCA Reachability for GitHub.com

  6. Configure SCA Reachability for GitHub Enterprise

  7. View your SCA Reachability Results in the Core Application UI

Security Aspects of Reachability Analysis

Our reachability analysis feature enhances your project's security by conducting a thorough review of dependencies within your codebase.

We analyze imports in your application's source code to identify the classes being utilized, generating a comprehensive relationship graph of these classes and associated files.

It's important to note that our reachability analysis process prioritizes your data security.

We only upload and cache metadata pertaining to your project, such as file and class names, and do not store any of your actual code.

This approach ensures that sensitive code details remain private and only relevant information is used to enhance the accuracy of our analysis, providing you with actionable insights while maintaining the highest standards of security and privacy.
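
A simplified illustration of the import-based analysis described above, added here and not Mend's implementation: it builds a class relationship graph from import statements and reports whether a vulnerable library class is reachable from application code, retaining only file and class names. The source files, library edges and advisory IDs are constructed sample data, and all function names are hypothetical.

```python
import re
from collections import deque
IMPORT_RE = re.compile(r"^\s*import\s+([\w.]+)\s*;", re.MULTILINE)
PACKAGE_RE = re.compile(r"^\s*package\s+([\w.]+)\s*;", re.MULTILINE)

# Constructed sample data: application sources, library class relationships
# (class -> classes it uses) and advisories naming a vulnerable class.
APP_SOURCES = {
    "src/shop/Main.java": "package shop;\nimport shop.ConfigLoader;\npublic class Main {}\n",
    "src/shop/ConfigLoader.java": "package shop;\nimport org.examplelib.yaml.Parser;\nclass ConfigLoader {}\n",
}
LIBRARY_EDGES = {
    "org.examplelib.yaml.Parser": ["org.examplelib.yaml.UnsafeConstructor"],
    "org.examplelib.xml.EntityResolver": ["org.examplelib.xml.DtdLoader"],
}
ADVISORIES = {
    "EXAMPLE-ADVISORY-1": "org.examplelib.yaml.UnsafeConstructor",
    "EXAMPLE-ADVISORY-2": "org.examplelib.xml.DtdLoader",
}

def build_graph(app_sources, library_edges):
    """Return (graph, roots): class -> imported classes, using names only."""
    graph = {cls: set(deps) for cls, deps in library_edges.items()}
    roots = []
    for path, source in app_sources.items():
        pkg = PACKAGE_RE.search(source)
        stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
        cls = f"{pkg.group(1)}.{stem}" if pkg else stem
        roots.append(cls)
        # Only the imported class names are kept; the source text is discarded.
        graph.setdefault(cls, set()).update(IMPORT_RE.findall(source))
    return graph, roots

def reachable_path(graph, roots, target):
    """Breadth-first search from application classes; shortest chain or None."""
    seen, queue = set(roots), deque([r] for r in roots)
    while queue:
        chain = queue.popleft()
        if chain[-1] == target:
            return chain
        for nxt in sorted(graph.get(chain[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(chain + [nxt])
    return None

def triage(app_sources, library_edges, advisories):
    graph, roots = build_graph(app_sources, library_edges)
    return {adv: reachable_path(graph, roots, cls) for adv, cls in advisories.items()}
```

Calling `triage(APP_SOURCES, LIBRARY_EDGES, ADVISORIES)` returns a class chain for the advisory whose class the application reaches and `None` for the one it never imports, which is the distinction used to prioritize findings.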
