The Gartner Market Guide for Software Composition Analysis (SCA) highlights the growing importance of open source software security and the need for effective risk management and mitigation. The guide recommends that organizations add SCA tools to their application security testing toolkit, secure their software supply chain, establish policies for automated enforcement, and position SCA more prominently in development workflows. SCA tools are essential for identifying and mitigating security vulnerabilities and license issues introduced via open source dependencies, and they must provide functions such as identification of open source components, license compliance management, security vulnerability correlation with vulnerability databases, governance and control, reporting and analysis, and prioritization. To evaluate SCA tools, organizations should consider criteria such as ecosystem and language support, deep and broad security data, prioritiization, developer-friendliness, remediation, integrations, policies, and reporting/BoM.