SCA Scanning

Getting Started with SOOS SCA

SCA helps ensure that the open source components developers embed in their applications meet basic security standards and do not introduce risk to the organization. SOOS Core SCA uses a proprietary, patented analysis engine that performs deep dependency analysis, license analysis, vulnerability detection and cryptographic validation using our database of 84+ million packages.

Getting Started

Running an SCA scan is quick and easy. Once you have an account, there are a number of ways to run your first scan; from there you can add additional configurations and integrations.

Create a Trial

First you'll need a trial account; follow Initial Account Creation to get set up.

Run your First Scan

The quickest way to run a scan is to Run a QuickScan.

Script or CI/CD Integration

Use the SCA tab of the Integrations page to configure and run an SCA scan using a script or CI/CD system.

How do SCA Scans Appear in the SOOS App?

SCA scans will appear on your Developer Dashboard as projects. Project names can be specified using the Script or CI/CD integration or may be taken from the manifest file if available. If the project name corresponds to an existing project, the scan indicator will be used to show all scan types for the project. See Projects for more details on determining and switching scan types for a project.

Technical Readme

Want the technical details? Check out our GitHub Readme; it has all the details you'll need. You can also browse the full source of our SCA integration script in the same GitHub repo, if you're curious!

Configuration

The SOOS Configuration System is highly flexible and overridable.

Integrations

SOOS supports numerous Integrations, including Issue Management Integrations.