SOOS Issues

Creating Tickets & Pull Requests


Tickets may be created for any SOOS issue type. By integrating with Jira, Azure DevOps, GitHub, and Shortcut, SOOS can generate fix tickets for your team to triage and implement at their own discretion.

The Create Ticket button will be available at the bottom of the issue detail view for accounts that have integrated with an issue management system. The Create Pull Request button will also be available if the account is integrated with GitHub. Either or both of these buttons will be disabled when an integration has not been set up (as shown below for Pull Requests).

  • Use the Syntax dropdown to select either Update or Manifest. SOOS will provide fix information using the syntax that corresponds with the format that was selected.
  • Select the desired package version to include in the fix information.

Creating a Ticket

To push fix information to an integrated issue management system, select Create Ticket.

SOOS will display the Title and Description for the ticket to be submitted. Notice that the fix information, written in the chosen syntax, is included. Both the title and description can be edited by the user to enhance or modify the information that will display in the ticketing system.

Select Create when complete.

For accounts with GitHub integrations only: if both a fix ticket and a pull request are desired, select the Create Pull Request checkbox at the bottom of the window to perform both actions together. This works even if GitHub is not used as the issue management system.

Ticket creation dialog

Issues Without Fixes

Some issues may not have newer package versions available to upgrade to, or the newer versions may not be vulnerability-free. SOOS will indicate when this occurs and will not include the Syntax selection option. A ticket may still be created to allow developers to research and fix independently (this is also the case for Violation and Unknown Package issue types). Alternatively, these issues may be suppressed; see Creating Issue Suppressions & Attestations.

DAST Web Vulnerabilities & SAST Code Issues

DAST web vulnerabilities and SAST code issues do not have automatic fixes available, but will typically include recommended actions to take to correct the identified problem. The only difference from SCA, SBOM, and Container ticket creation is that there will not be any suggested version upgrade syntax included.

Both DAST and SAST issues allow tickets to be created, so the issue can be tracked in an issue management system.

Moving Issues Back to Unaddressed

Issues may be moved back to the Unaddressed issue state in SOOS at any point after locating the issue in the Pending tab. This will remove the link between the issue in SOOS and the issue management system, but will not remove the ticket in the issue management system.

Move issue back to unaddressed button and dialog