Why software composition analysis tools aren't enough
Historically, software composition analysis (SCA) tools were one primary way to get better visibility into open source security, maintenance, and licensing risk. But, by themselves, they are not enough.