dc.rights.license | CC-BY-NC-ND | |
dc.contributor.advisor | Jansen, Slinger | |
dc.contributor.author | Wouters, Florian | |
dc.date.accessioned | 2025-08-15T00:00:52Z | |
dc.date.available | 2025-08-15T00:00:52Z | |
dc.date.issued | 2025 | |
dc.identifier.uri | https://studenttheses.uu.nl/handle/20.500.12932/49727 | |
dc.description.abstract | Context: Software Composition Analysis (SCA) tools are essential for managing third-party dependencies in software development. These tools help identify and mitigate vulnerabilities in third-party dependencies. Given the increase in open-source software usage in software development, the importance of effective SCA tools also grows, making it crucial to choose the right tool for the specific project needs. Problem: Despite the availability of many SCA tools, a comprehensive selection model for a wide range of tools is lacking. Due to the variety of alternatives available and the specific needs of different projects, selecting the most suitable SCA tool can be formulated as a multi-criteria decision problem. Objective: The main objective of this study is to support decision-makers in selecting the right SCA tools by designing an efficient and effective decision-support model. Method: Using design science, this study proposes a multi-criteria decision model (MCDM) for the SCA tool selection problem. This MCDM is based on an existing framework that assists decision-makers with software selection problems in the software production industry. This model captures knowledge regarding the quality attributes and features of 29 SCA tools. The knowledge is gathered through literature study, expert interviews and document analysis. Result: This resulted in an MCDM consisting of approximately 64 features, 29 SCA tools based on their support for these features, and 39 quality attributes that assess the impact of the features. Conclusion: The model supports decision makers by providing an overview of the tools and their supported features, helping to filter and compare options based on their specific requirements. By using the MoSCoW weighted decision-making method, the model assists organizations in prioritising their requirements and providing a short list of SCA tools. 
While the model provides valuable support, it should not be solely relied upon for final decisions. Decision makers are advised to complement the MCDM with deeper insights into the actual performance of the tool. | |
dc.description.sponsorship | Utrecht University | |
dc.language.iso | EN | |
dc.subject | This study develops a decision-support model to address the challenge of selecting Software Composition Analysis (SCA) tools for software-producing organizations. These tools manage vulnerabilities in third-party dependencies. Using design science, it proposes a multi-criteria decision model (MCDM) with 64 features, 39 quality attributes, and 29 tools. The model helps filter, compare, and prioritize tools, supporting the selection of the most suitable SCA tool. | |
dc.title | A Decision Support Model for Software Composition Analysis Tools | |
dc.type.content | Master Thesis | |
dc.rights.accessrights | Open Access | |
dc.subject.keywords | Software Composition Analysis; SCA tools; multi-criteria decision-making; decision support model; vulnerability management; third-party dependencies | |
dc.subject.courseuu | Business Informatics | |
dc.thesis.id | 51642 | |