Runtime SCA Findings

When reviewing the results of a scan, the Scan Details page provides information about the most vulnerable technologies (Runtime SCA) detected on the target. This document explains the information on the Runtime SCA Findings tab within the Scan Details page and instructions for generating an SCA report.

What are Runtime SCA Findings?

Runtime SCA (software composition analysis) findings show you all the technologies (libraries, frameworks, and server versions) used by a scanned target and highlights which of those technologies are out of date. For each out-of-date technology, Acunetix provides the version number you are using (Identified Version), the latest branch version, and the overall latest version, along with the highest CVSS rating of the vulnerabilities in each version. This information and the recommended action are intended to help you assess the risk for your organization and decide how you will mitigate the risk.

What are out-of-date technologies?

Out-of-date technologies are not considered active vulnerabilities (you will not find them in your vulnerabilities list) but rather items of interest picked up by the scanner that may pose a risk to your target due to using an older version.

Where can I find more information about the out-of-date technologies?

To view more information about an identified out-of-date technology:

  1. Go to the Scans page and click on the Target for a completed scan.

  1. Select the Runtime SCA Findings tab on the Scan Details page.

  1. Click on a technology listed in the Runtime SCA Findings table.

Acunetix now displays details of the known issues with the selected technology.

  • The CVSS Score section provides information about the vulnerabilities in each version.
  • If a CVE (Common Vulnerabilities and Exposures) number is listed, you can click on it to go to the relevant entry in the National Vulnerabilities Database.  

How to generate a Runtime SCA Report

The Runtime SCA Report can be generated for a particular scan or multiple targets. The report contains all available information about the identified out-of-date technologies.

To generate an SCA report:

  1. Select Scans from the left-side menu.
  2. Click the checkboxes on the left to select one or more scans for the report.
  3. Click Generate Report, then select SCA.

  1. The Reports page opens with your SCA Report listed in the table. From the Download column, select PDF or HTML, depending on your preferred format.

The download begins automatically. Once downloaded, you can open the report file from your downloads folder.


« Back to the Acunetix Support Page