Armed with this data, Hub scans your project's code to identify its open-source components. It then checks the code for known vulnerabilities and for new vulnerabilities as they're reported.