99% of codebases contain at least one open-source component. 91% contain components that are either more than four years out of date or have not seen development activity in the last two years. Software Composition Analysis (SCA) or Static Analysis Security Testing (SAST) can help developers and security teams find and remediate security issues faster and more efficiently. Tools like SCA or SAST can automate this process and help developers find and remediate issues faster than manual code review.
Source: https://www.helpnetsecurity.com/2021/05/19/security-code-review/

