The default setting in SOOS does not scan Dev/Test Dependencies, however there is a setting on the Configure page that allows you to enable this feature.

Dependencies matching the following descriptions will also be considered dev dependencies and will be ignored unless Include Dev/Test Dependencies is enabled.

  • Dependencies in manifests (all languages) marked as 'optional'.
  • Dependencies in Java projects that are marked with a <scope>test</scope> tag, <scope>import</scope> tag, or listed under a <plugin> section. 
Exception:

All scans performed on uploaded manifests via the Manifest Scan feature will initially include Dev Dependencies.  Every subsequent scan of a given manifest will adhere to the saved Dependency Settings.