Now that you have uploaded your software assets and organized them into different asset groups, it’s time to scan them for potential security issues. Start the scanning process to identify vulnerabilities and ensure the security of your software assets.

Initial Scan

Once you add a software asset to an asset group, it will not be scanned until you click "Select to Monitor." The initial scan will be conducted as soon as monitoring is enabled.

Rescan

The rescan process can be triggered in several ways:

1. Manual Rescan: Click the "Rescan" button located in the upper-left corner of the scan results page.
2. Software Changes: Whenever there is a change to your software, such as a new commit, a scan will automatically be conducted.
3. Threat Database Updates: Whenever our threat database is updated (e.g., new vulnerabilities, licenses, etc.), the system will automatically perform a rescan.

Scan Results

What is analyzed in each scan?

During each scan, DeepAsset will conduct the following analysis:

1. Composition Analysis. DeepAsset performs a thorough analysis of your software to identify all components and dependencies used in its development. This process provides a detailed breakdown of the software's composition, enabling better visibility into the libraries, frameworks, and third-party tools integrated into your project.
2. Vulnerability Analysis.
3. Policy Check.