Software composition analysis (SCA) tools provide valuable data to security pros, legal pros, and app developers by identifying software vulnerabilities and exposing licenses for open source components. SCA tools come from a cross section of open source scanning vendors and traditional security assessment offerings, but functionality is standardizing. Security pros need to understand the landscape to choose the functionality that best fits their organization's risk management needs. This is an update of a previously published report; Forrester reviews and updates it periodically for continued relevance and accuracy.