Software Composition Analysis (SCA) is a practice that helps teams understand their software's dependencies and security implications by analyzing open-source libraries. Traditional SCA tools use static analysis to identify vulnerabilities, but runtime context is also essential to determine the actual risk presented by a vulnerability. Frameworks such as Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) can be used to prioritize remediation efforts, with CVSS scores reflecting severity and EPSS scores predicting exploitability. Datadog SCA uses both static analysis and runtime analysis to monitor for vulnerabilities throughout the code's lifecycle, providing efficient end-to-end vulnerability detection and management. It also offers a Severity Score that combines CVSS and Environmental metrics to provide unique insight into the risk represented by a vulnerability, allowing teams to prioritize remediation efforts effectively. Additionally, Datadog SCA provides source code integration, service integration, and Quality Gates to detect vulnerabilities early, focus remediation efforts, and prevent new vulnerabilities from creeping into the codebase.