The default setting in SOOS does not scan Dev/Test Dependencies for CI/CD integrated scans*, however there is a setting on the Configure page that allows you to enable this feature.  

Dependencies matching the following descriptions will also be considered dev dependencies and will be ignored unless Include Dev/Test Dependencies is enabled.

  • Dependencies in manifests (all languages) marked as <optional>.
  • Specific to Java projects: 
    • Dependencies marked with a <scope>test</scope> tag or <scope>import</scope> tag
    • Dependencies listed under a <plugin> section 
    • Dependencies listed under a <profile> section marked with <id>test</id><id>debug</id>, <id>demo</id>, or <id>build</id>

All scans performed on uploaded manifests via the Manifest Scan feature will include Dev/Test Dependencies by default.

SOOS UI Dependency Settings highlighting Development Dependencies setting