Security and development pros use software composition analysis (SCA) software to identify vulnerabilities, licensing risks, conflicts, and noncompliant usage in open-source and third-party components; determine where and how to remediate; select healthy and secure components; and create an inventory of components. SCA is key to ensuring a secure software supply chain. As part of the research for our recent Forrester Wave™ evaluation of the SCA market, we interviewed reference customers about their SCA usage. Security and development leaders should use this report to inform best practices when selecting a SCA vendor or as a benchmark for their current vendor.