A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.