Configuration System

Dependency Configurations


Dependency Configurations allow users to adjust the settings for dependency detection, dependency depth, and dependency tree creation.


Use Lock File

Enable this setting to always ignore non-lock manifests if a lock file is detected. Lock vs Non-Lock Manifests contains more information about the usage of lock files.

When disabled, non-lock files will be scanned and lock files will be ignored.

When enabled, lock files will be scanned. Any non-lock manifests found will be ignored if they support a corresponding lock file format.

If a manifest does not have a corresponding lock file format, it will be scanned.
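The rules above can be modeled as a pre-flight check on a repository's file list. This is an added example, not SOOS code: the manifest-to-lock mapping, the file list, and the `plan_scan` helper are constructed for illustration, and the `unpaired` list marks ignored manifests with no lock file beside them, a case this page does not describe and worth confirming with a real scan.

```python
from pathlib import PurePosixPath

# Constructed sample mapping (not SOOS's supported-format list):
# non-lock manifest name -> lock file names of the same ecosystem.
LOCK_FORMATS = {
    "package.json": {"package-lock.json", "yarn.lock"},
    "Pipfile": {"Pipfile.lock"},
    "Gemfile": {"Gemfile.lock"},
    "requirements.txt": set(),  # assumed here to have no lock file format
}
LOCK_NAMES = set().union(*LOCK_FORMATS.values())

# Constructed sample repository listing.
REPO = [
    "web/package.json", "web/package-lock.json",
    "api/Pipfile", "api/requirements.txt",
    "tools/Gemfile", "tools/Gemfile.lock",
]


def plan_scan(paths, use_lock_file):
    """Return (scanned, ignored, unpaired) under the Use Lock File rules."""
    scanned, ignored, unpaired = [], [], []
    present = set(paths)
    for path in sorted(paths):
        p = PurePosixPath(path)
        if p.name in LOCK_NAMES:
            # Lock files are scanned only when the setting is enabled.
            (scanned if use_lock_file else ignored).append(path)
        elif p.name in LOCK_FORMATS:
            locks = LOCK_FORMATS[p.name]
            if use_lock_file and locks:
                # The format supports a lock file, so the manifest is ignored.
                ignored.append(path)
                # No lock file in the same directory: flag it for review.
                if not any(str(p.parent / lock) in present for lock in locks):
                    unpaired.append(path)
            else:
                # Setting disabled, or no corresponding lock file format.
                scanned.append(path)
    return scanned, ignored, unpaired


if __name__ == "__main__":
    for enabled in (True, False):
        print(enabled, plan_scan(REPO, enabled))
```
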

Scan Full Dependency Tree

This setting is enabled by default for all new accounts. Disable this setting to restrict SOOS scans to direct dependencies only.

Include Dev/Test Dependencies

Including Dev Dependencies may increase the time each scan takes to complete and, in some instances, may include issues that do not need to be addressed.

Container Dependency Source

Controls dependency parsing and dependency tree resolution for Container scans.

Requires the Container add-on. See Subscribing to SOOS Services to make changes to your plan.

SBOM Dependency Source

Controls dependency parsing and dependency tree resolution for SBOM scans.

Requires the SBOM Manager add-on. See Subscribing to SOOS Services to make changes to your plan.

Auto Link SBOM External Document References

Automatically create Dependent Project links when SBOMs with external document references (references to other SBOMs) are encountered and the referenced SBOM has already been scanned by SOOS.

Requires the SBOM Manager add-on. See Subscribing to SOOS Services to make changes to your plan.