---
title: Software Composition Analysis (SCA) Configuration
description: >-
  Reference documentation for Datadog Software Composition Analysis (SCA)
  configuration, including path exclusion.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Software Composition Analysis >
  Software Composition Analysis (SCA) Configuration
---

# Software Composition Analysis (SCA) Configuration

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

Datadog Software Composition Analysis (SCA) detects open source libraries and their vulnerabilities in your code. You can exclude specific paths from Static SCA analysis. Configure this setting under the `sca` key in the Code Security configuration, either in Datadog or in a `code-security.datadog.yaml` file.

The `sca` key requires `schema-version: v1.1` and supports the following field:

| **Property**   | **Type** | **Description**                                                  | **Default** |
| -------------- | -------- | ---------------------------------------------------------------- | ----------- |
| `ignore-paths` | Array    | File paths or glob patterns to exclude from Static SCA analysis. | None        |

Example:

```yaml
schema-version: v1.1
sca:
  ignore-paths:
    - "vendor/"
    - "**/node_modules/**"
    - "third_party/"
```

For more information on configuration locations, precedence, and merging, see [Code Security Configuration Reference](https://docs.datadoghq.com/security/code_security/guides/configuration.md).

## Further Reading{% #further-reading %}

- [Software Composition Analysis](https://docs.datadoghq.com/security/code_security/software_composition_analysis.md)
- [Code Security Configuration Reference](https://docs.datadoghq.com/security/code_security/guides/configuration.md)