Topic

What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it
By: Anand Sawant
Date: Jan. 11, 2024, 6 p.m.

With the rise of AI, there is more focus on Python dependency management and SCA scanning. Python's dependency management system makes it easy for developers to leave dependencies out of the manifest. This means that almost every SCA tool that relies on a manifest will be wrong. We show how, by leveraging program analysis techniques, one can avoid the pitfalls of these so-called phantom dependencies.