Performing SCA Dependency Scanning with Snyk When to Use - When applications use open-source packages that may contain known vulnerabilities - When compliance requires tracking and remediating vulnerable dependencies (PCI DSS, SOC 2) - When needing automated fix PRs for vulnerable dependencies in CI/CD - When license compliance requires visibility into open-source license obligations - When continuous monitoring is needed for newly disclosed vulnerabilities in deployed dependencies Do not use for scanning proprietary application code for logic vulnerabilities (use SAST), for runtime vulnerabi…