52% of CISOs and AppSec executives are willing to replace SCA.

63% of mid-sized AppSec teams (11–50 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

58% of large AppSec teams (50 members or more) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as a major pain point.

38% of small AppSec teams (1–10 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

There has been a 67% increase in the number of organisations performing software composition analysis (SCA) on code repositories.