Automated Software Composition Analysis (SCA) includes scanning and evaluating code dependencies (usually open-source) for known vulnerabilities and licensing.
This process applies to composers and dependency managers such as Docker Compose, Maven, NPM, Bazel and pip.
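To make the definition concrete, the following added example (not part of the original page) runs the two SCA checks over a pip requirements file: matching pinned versions against known advisories and checking each dependency's license against an allowlist. All package names, versions, advisory ids, licenses and the allowlist are constructed for illustration, and only plain dotted numeric versions are handled.

```python
import re

# Constructed sample data: package names, versions, advisory ids and licenses
# are invented for illustration and do not describe real projects.
REQUIREMENTS = """\
examplehttp==1.4.2
exampleyaml==5.0.1   # parser
Example_Crypto==2.1.0
examplelog>=0.9
"""
ADVISORIES = {  # normalized name -> [(advisory id, first fixed version)]
    "examplehttp": [("EXAMPLE-ADV-0001", "1.4.3")],
    "exampleyaml": [("EXAMPLE-ADV-0002", "4.2.0")],
    "example-crypto": [("EXAMPLE-ADV-0003", "2.1.1"), ("EXAMPLE-ADV-0004", "2.0.0")],
}
LICENSES = {"examplehttp": "MIT", "exampleyaml": "GPL-3.0-only", "example-crypto": "Apache-2.0"}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # assumed policy

PIN = re.compile(r"^([A-Za-z0-9._-]+)\s*==\s*([0-9]+(?:\.[0-9]+)*)$")

def normalize(name):
    # PEP 503 normalization: runs of "-", "_" and "." collapse to one "-"
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version):
    # Pad to four components so that 1.4 and 1.4.0 compare equal
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def scan(requirements):
    findings = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = PIN.match(line)
        if not m:
            # Without an exact pin the installed version is unknown
            findings.append((line, "unpinned", "cannot match against advisories"))
            continue
        name, version = normalize(m.group(1)), m.group(2)
        for adv_id, fixed in ADVISORIES.get(name, []):
            if vkey(version) < vkey(fixed):
                findings.append((name, "vulnerable", f"{adv_id} fixed in {fixed}"))
        lic = LICENSES.get(name, "UNKNOWN")
        if lic not in ALLOWED_LICENSES:
            findings.append((name, "license", lic))
    return findings
```

Calling `scan(REQUIREMENTS)` returns one tuple per finding; a real scanner would pull advisories and license metadata from a maintained database and resolve transitive dependencies as well.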