Software Composition Analysis

Does Deepsource scan dependencies as well or only the source code? Does it do both SAST and SCA scan?