{"id":4768,"date":"2026-07-10T11:12:12","date_gmt":"2026-07-10T10:12:12","guid":{"rendered":"https:\/\/euroone.hu\/?p=4768"},"modified":"2026-07-10T11:29:24","modified_gmt":"2026-07-10T10:29:24","slug":"sca-in-action-integrating-vulnerability-management-into-the-build-process","status":"publish","type":"post","link":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/","title":{"rendered":"SCA in action: integrating vulnerability management into the build process"},"content":{"rendered":"\n<p><a href=\"https:\/\/euroone.hu\/en\/understanding-your-software-ingredients-matters\/\" type=\"post\" id=\"4666\">In our previous article<\/a>, we explained why it is important to know which open-source and third-party components an application is built from. Software Composition Analysis (SCA), however, brings real value only when it becomes part of everyday development and security workflows. <\/p>\n\n\n\n<p>The key question is not only whether a vulnerable component exists. Teams also need to know when it appeared, <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>which build or branch introduced it,<\/li>\n\n\n\n<li>whether it is used at runtime,<\/li>\n\n\n\n<li>whether it can actually be exploited,<\/li>\n\n\n\n<li>and what should be done about it: fix, triage, exception handling, or release blocking.<\/li>\n<\/ul>\n\n\n\n<p><br>A well-structured SCA process helps answer these questions with evidence.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why integrate SCA into the pipeline?<\/h2>\n\n\n\n<p>Fast feedback is critical. If a vulnerable dependency is found days or weeks later, it is harder to connect the issue to a developer change. When SCA runs in CI\/CD, the team sees what risk a new build introduced.  <\/p>\n\n\n\n<p>Pipeline-based SCA can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>check packages in the build,<\/li>\n\n\n\n<li>detect direct and transitive vulnerabilities,<\/li>\n\n\n\n<li>link findings to the build and branch,<\/li>\n\n\n\n<li>stop the process based on policy,<\/li>\n\n\n\n<li>and require documented triage.<\/li>\n<\/ul>\n\n\n\n<p><br>A practical rollout starts with visibility, then tightens policies based on application criticality and team maturity. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The build gate is a checkpoint<\/h2>\n\n\n\n<p>A policy-based build gate prevents serious risks from moving forward unnoticed. If a pipeline fails because of a vulnerability, it means a decision is needed.  <\/p>\n\n\n\n<p>The team may:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>update the vulnerable package,<\/li>\n\n\n\n<li>modify the dependency chain,<\/li>\n\n\n\n<li>document a false positive,<\/li>\n\n\n\n<li>approve a temporary exception,<\/li>\n\n\n\n<li>or block the release if the risk is too high.<\/li>\n<\/ul>\n\n\n\n<p><br>Policies should reflect business context. A customer-facing critical application may need strict rules, while a less critical internal component may only need a warning.  <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Not every critical finding is exploitable<\/h2>\n\n\n\n<p>SCA tools may show that a vulnerable component is present, but that does not prove the application is exploitable. A package may be installed while the vulnerable function is not used. The finding is valid, but may not create a real attack surface. <\/p>\n\n\n\n<p>Developers and security teams must triage findings together. A false positive or exception must be documented with evidence:  <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>affected component,<\/li>\n\n\n\n<li>dependency path,<\/li>\n\n\n\n<li>vulnerable function,<\/li>\n\n\n\n<li>code path usage,<\/li>\n\n\n\n<li>reviewer and approver,<\/li>\n\n\n\n<li>exception validity.<\/li>\n<\/ul>\n\n\n\n<p><br>This supports audits, where the key question is what decision was made, why, and whether it can be traced. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Transitive dependencies can hide risk<\/h2>\n\n\n\n<p>Many serious vulnerabilities appear through transitive dependencies, not packages selected directly by developers. SCA helps uncover these hidden risks and shows: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>which direct package introduced it,<\/li>\n\n\n\n<li>which version is affected,<\/li>\n\n\n\n<li>whether a fixed version is available,<\/li>\n\n\n\n<li>and what update path is recommended.<\/li>\n<\/ul>\n\n\n\n<p><br>Often the safest fix is to update the direct dependency to a version that includes the corrected transitive component. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fix immediately or triage first?<\/h2>\n\n\n\n<p>Immediate patching is usually right when a compatible fix is available, the component runs at runtime, the issue is connected to an external attack surface, the vulnerability is critical or high severity, or a known exploit exists. <\/p>\n\n\n\n<p>More detailed triage is needed when there is no simple fix, the update may cause breaking changes, exploitability is unclear, or business context is needed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Advisory response: are we affected?<\/h2>\n\n\n\n<p>SCA remains valuable after the build. A component that is safe today may become critical tomorrow if a new advisory, vendor notice or threat intelligence alert appears.  <\/p>\n\n\n\n<p>Organizations must quickly identify: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>affected applications,<\/li>\n\n\n\n<li>versions in use,<\/li>\n\n\n\n<li>business criticality,<\/li>\n\n\n\n<li>external accessibility,<\/li>\n\n\n\n<li>and whether active exploitation is known.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key takeaway<\/h2>\n\n\n\n<p>SCA does more than find vulnerable components. Its real value is that it turns findings into prioritized, manageable and business-relevant tasks.  <\/p>\n\n\n\n<p>When integrated into CI\/CD, SCA shows where a risk enters the build and when the process must stop. Evidence-based triage shows what must be fixed, what needs deeper analysis, and what can be accepted as a documented exception. <\/p>\n\n\n\n<p>SCA becomes a control layer between development, security and business risk management.   <\/p>\n\n\n\n<p>Read the full article on our International subsidiary\u2019s website by clicking on the logo:<a href=\"https:\/\/socwise.eu\/ai-analyst-a-new-level-in-the-soc\/?utm_source=EO_blog&amp;utm_medium=clickthrough_Adam_Networkshop\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/socwise.eu\/why-ai-must-also-transform-security\/?utm_source=EO_blog&amp;utm_medium=clickthrough_AI_trans_sec\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/socwise.eu\/ai-in-soc-a-revolutionary-opportunity-or-just-another-technological-dead-end\/?utm_source=EO_blog&amp;utm_medium=clickthrough_EIVOK\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/socwise.eu\/lessons-learned-from-the-cybercon26-conference\/?utm_source=EO_blog&amp;utm_medium=clickthrough_cybercon26\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/socwise.eu\/hackers-may-have-compromised-the-github-accounts-of-thousands-of-users\/?utm_source=EO_blog&amp;utm_medium=clickthrough_megalodon_attack\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/socwise.eu\/not-enough-to-know-what-were-developingalso-need-to-know-what-its-made-of\/?utm_source=EO_blog&amp;utm_medium=clickthrough_SCA_article\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/socwise.eu\/sca-in-practice-vulnerability-management-becomes-part-of-the-build-process\/?utm_source=EO_blog&amp;utm_medium=clickthrough_SCA_webinar_2\" target=\"_blank\" rel=\" noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"488\" height=\"329\" src=\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100.jpg\" alt=\"\" class=\"wp-image-1534\" style=\"width:220px\" srcset=\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100.jpg 488w, https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100-300x202.jpg 300w\" sizes=\"auto, (max-width: 488px) 100vw, 488px\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Do you have any questions? Get in touch with our colleagues! <\/h3>\n\n\n\n<div class=\"wp-block-contact-form-7-contact-form-selector\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f3614-o1\" lang=\"en-US\" dir=\"ltr\" data-wpcf7-id=\"3614\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/4768#wpcf7-f3614-o1\" method=\"post\" class=\"wpcf7-form init\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"3614\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.4\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f3614-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<\/fieldset>\n<div class=\"flex gap-15 xl:gap-30\">\n\t<div class=\"input-parent w-full\">\n\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"text-940\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text appearance-none border border-707070 w-full mb-15 p-20 rounded-btn outline-none placeholder-1D1D1D text-lg\" aria-invalid=\"false\" placeholder=\"Name\" value=\"\" type=\"text\" name=\"text-940\" \/><\/span>\n\t\t<\/p>\n\t<\/div>\n\t<div class=\"inpit-parent w-full\">\n\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"text-89\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text appearance-none border border-707070 w-full mb-15 p-20 rounded-btn outline-none placeholder-1D1D1D text-lg\" aria-invalid=\"false\" placeholder=\"Company name\" value=\"\" type=\"text\" name=\"text-89\" \/><\/span>\n\t\t<\/p>\n\t<\/div>\n<\/div>\n<div class=\"flex gap-15 xl:gap-30\">\n\t<div class=\"input-parent w-full\">\n\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"email-952\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email appearance-none border border-707070 w-full mb-15 p-20 rounded-btn outline-none placeholder-1D1D1D text-lg\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"E-mail c\u00edm*\" value=\"\" type=\"email\" name=\"email-952\" \/><\/span>\n\t\t<\/p>\n\t<\/div>\n\t<div class=\"input-parent w-full\">\n\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"tel-713\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-tel wpcf7-text wpcf7-validates-as-tel appearance-none border border-707070 w-full mb-15 p-20 rounded-btn outline-none placeholder-1D1D1D text-lg\" aria-invalid=\"false\" placeholder=\"+36201234567\" value=\"\" type=\"tel\" name=\"tel-713\" \/><\/span>\n\t\t<\/p>\n\t<\/div>\n<\/div>\n<div class=\"input-parent w-full\">\n\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"text-588\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text appearance-none border border-707070 w-full mb-15 p-20 rounded-btn outline-none placeholder-1D1D1D text-lg\" aria-invalid=\"false\" placeholder=\"Subject\" value=\"\" type=\"text\" name=\"text-588\" \/><\/span>\n\t<\/p>\n<\/div>\n<div class=\"input-parent\">\n\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"textarea-235\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea appearance-none border border-accent-tertiary w-full mb-15 p-20 rounded-modest resize-none outline-none placeholder-1D1D1D text-lg\" aria-invalid=\"false\" placeholder=\"Massage\" name=\"textarea-235\"><\/textarea><\/span>\n\t<\/p>\n<\/div>\n<div class=\"input-parent mb-10 flex items-center\">\n\t<p><label class=\"flex items-start text-lg gap-10\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-902\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><input type=\"checkbox\" name=\"acceptance-902\" value=\"1\" class=\"mt-5 w-20 h-20 shrink-0\" aria-invalid=\"false\" \/><\/span><\/span><\/span> I would like to receive news about EURO ONE's business and professional activities. <\/label>\n\t<\/p>\n<\/div>\n<div class=\"input-parent mb-10 flex items-center\">\n\t<p><label class=\"flex items-start gap-10 text-lg\"><span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-463\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><input type=\"checkbox\" name=\"acceptance-463\" value=\"1\" class=\"mt-5 w-20 h-20 shrink-0\" aria-invalid=\"false\" \/><\/span><\/span><\/span> <span> I consent to the processing of my personal data. I have read the <a href=\"https:\/\/euroone.hu\/en\/data-protection-and-cookie-notice\/\">privacy policy<\/a>. My consent is valid until revoked. <\/span> <\/label>\n\t<\/p>\n<\/div>\n<p><input class=\"wpcf7-form-control wpcf7-submit has-spinner btn btn--sm mt-30 cursor-pointer\" type=\"submit\" value=\"K\u00fcld\u00e9s\" \/>\n<\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Critical open-source vulnerabilities can&#8217;t wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions. <\/p>\n","protected":false},"author":3,"featured_media":4767,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[87],"tags":[],"class_list":["post-4768","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SCA in action: integrating vulnerability management into the build process - EURO ONE<\/title>\n<meta name=\"description\" content=\"Critical open-source vulnerabilities can&#039;t wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SCA in action: integrating vulnerability management into the build process - EURO ONE\" \/>\n<meta property=\"og:description\" content=\"Critical open-source vulnerabilities can&#039;t wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\" \/>\n<meta property=\"og:site_name\" content=\"EURO ONE Sz\u00e1m\u00edt\u00e1stechnikai Zrt.\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/euroone\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-10T10:12:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-10T10:29:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1201\" \/>\n\t<meta property=\"og:image:height\" content=\"631\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mancz\u00e1k Rich\u00e1rd\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mancz\u00e1k Rich\u00e1rd\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\"},\"author\":{\"name\":\"Mancz\u00e1k Rich\u00e1rd\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/a07dfdf169ad4d7ad526398a17dbcb96\"},\"headline\":\"SCA in action: integrating vulnerability management into the build process\",\"datePublished\":\"2026-07-10T10:12:12+00:00\",\"dateModified\":\"2026-07-10T10:29:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\"},\"wordCount\":678,\"publisher\":{\"@id\":\"https:\/\/euroone.hu\/#organization\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\",\"url\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\",\"name\":\"SCA in action: integrating vulnerability management into the build process - EURO ONE\",\"isPartOf\":{\"@id\":\"https:\/\/euroone.hu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png\",\"datePublished\":\"2026-07-10T10:12:12+00:00\",\"dateModified\":\"2026-07-10T10:29:24+00:00\",\"description\":\"Critical open-source vulnerabilities can't wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.\",\"breadcrumb\":{\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage\",\"url\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png\",\"contentUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png\",\"width\":1201,\"height\":631},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Kezd\u0151lap\",\"item\":\"https:\/\/euroone.hu\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SCA in action: integrating vulnerability management into the build process\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/euroone.hu\/#website\",\"url\":\"https:\/\/euroone.hu\/\",\"name\":\"Euroone\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/euroone.hu\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/euroone.hu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/euroone.hu\/#organization\",\"name\":\"Euroone\",\"url\":\"https:\/\/euroone.hu\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png\",\"contentUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png\",\"width\":741,\"height\":768,\"caption\":\"Euroone\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/euroone\",\"https:\/\/www.linkedin.com\/company\/euro-one\/\",\"https:\/\/www.youtube.com\/@euroonezrt\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/a07dfdf169ad4d7ad526398a17dbcb96\",\"name\":\"Mancz\u00e1k Rich\u00e1rd\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/37677d3586c5a3e5e28c7713cc9b9d23ab531d902697720841f10cc10264deba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/37677d3586c5a3e5e28c7713cc9b9d23ab531d902697720841f10cc10264deba?s=96&d=mm&r=g\",\"caption\":\"Mancz\u00e1k Rich\u00e1rd\"},\"url\":\"https:\/\/euroone.hu\/en\/author\/richard-manczak\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SCA in action: integrating vulnerability management into the build process - EURO ONE","description":"Critical open-source vulnerabilities can't wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/","og_locale":"en_US","og_type":"article","og_title":"SCA in action: integrating vulnerability management into the build process - EURO ONE","og_description":"Critical open-source vulnerabilities can't wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.","og_url":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/","og_site_name":"EURO ONE Sz\u00e1m\u00edt\u00e1stechnikai Zrt.","article_publisher":"https:\/\/www.facebook.com\/euroone","article_published_time":"2026-07-10T10:12:12+00:00","article_modified_time":"2026-07-10T10:29:24+00:00","og_image":[{"width":1201,"height":631,"url":"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png","type":"image\/png"}],"author":"Mancz\u00e1k Rich\u00e1rd","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mancz\u00e1k Rich\u00e1rd","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#article","isPartOf":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/"},"author":{"name":"Mancz\u00e1k Rich\u00e1rd","@id":"https:\/\/euroone.hu\/#\/schema\/person\/a07dfdf169ad4d7ad526398a17dbcb96"},"headline":"SCA in action: integrating vulnerability management into the build process","datePublished":"2026-07-10T10:12:12+00:00","dateModified":"2026-07-10T10:29:24+00:00","mainEntityOfPage":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/"},"wordCount":678,"publisher":{"@id":"https:\/\/euroone.hu\/#organization"},"image":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage"},"thumbnailUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/","url":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/","name":"SCA in action: integrating vulnerability management into the build process - EURO ONE","isPartOf":{"@id":"https:\/\/euroone.hu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage"},"image":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage"},"thumbnailUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png","datePublished":"2026-07-10T10:12:12+00:00","dateModified":"2026-07-10T10:29:24+00:00","description":"Critical open-source vulnerabilities can't wait for reports. Learn how to integrate SCA into your pipeline for faster, auditable decisions.","breadcrumb":{"@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#primaryimage","url":"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png","contentUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2026\/07\/blackduck2.png","width":1201,"height":631},{"@type":"BreadcrumbList","@id":"https:\/\/euroone.hu\/en\/sca-in-action-integrating-vulnerability-management-into-the-build-process\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Kezd\u0151lap","item":"https:\/\/euroone.hu\/en\/"},{"@type":"ListItem","position":2,"name":"SCA in action: integrating vulnerability management into the build process"}]},{"@type":"WebSite","@id":"https:\/\/euroone.hu\/#website","url":"https:\/\/euroone.hu\/","name":"Euroone","description":"","publisher":{"@id":"https:\/\/euroone.hu\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/euroone.hu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/euroone.hu\/#organization","name":"Euroone","url":"https:\/\/euroone.hu\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/#\/schema\/logo\/image\/","url":"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png","contentUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png","width":741,"height":768,"caption":"Euroone"},"image":{"@id":"https:\/\/euroone.hu\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/euroone","https:\/\/www.linkedin.com\/company\/euro-one\/","https:\/\/www.youtube.com\/@euroonezrt"]},{"@type":"Person","@id":"https:\/\/euroone.hu\/#\/schema\/person\/a07dfdf169ad4d7ad526398a17dbcb96","name":"Mancz\u00e1k Rich\u00e1rd","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/37677d3586c5a3e5e28c7713cc9b9d23ab531d902697720841f10cc10264deba?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/37677d3586c5a3e5e28c7713cc9b9d23ab531d902697720841f10cc10264deba?s=96&d=mm&r=g","caption":"Mancz\u00e1k Rich\u00e1rd"},"url":"https:\/\/euroone.hu\/en\/author\/richard-manczak\/"}]}},"_links":{"self":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/4768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/comments?post=4768"}],"version-history":[{"count":5,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/4768\/revisions"}],"predecessor-version":[{"id":4776,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/4768\/revisions\/4776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/media\/4767"}],"wp:attachment":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/media?parent=4768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/categories?post=4768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/tags?post=4768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}