FAQs

Why am I not receiving a Multi-factor Authentication code email?

I am trying to log into my account but can't find my authentication code.

What troubleshooting steps do I take if SOOS can't read my manifest?

My CI/CD is integrated but my scans are failing.

How do I troubleshoot if SOOS can't read my GitHub repository?

I have integrated GitHub but my manifests are not detected.

How often does SOOS rescan the NVD (National Vulnerability Database)?

Does SOOS keep up with vulnerability current events?

How often does SOOS rescan GitHub vulnerabilities?

How current are my scans?

How long does it typically take SOOS to scan a project?

How much time should I budget for vulnerability scanning?

What can I do if a package issue doesn't have a fix available?

SOOS identified a vulnerability issue but does not have any recommended fixes.

What browsers are supported by SOOS?

Are there certain browsers that SOOS is optimized to work with?

Can I add an SBOM from a device as a project in SOOS?

I want to reverse engineer a project in SOOS using an existing Software Bill of Materials.

Can I scan an SBOM without access to the source code?

Can I work backward from a Software Bill of Materials?

What is a Service Account User and when might I need to create one?

Use Service Accounts for integration purposes.

What does "disputed" mean in the vulnerability details?

SOOS identified a vulnerability that is tagged as **DISPUTED**.

How does SOOS protect my data?

Keeping your intellectual property confidential and free of vulnerabilities.

How do I renew my trial/subscription after it has expired?

I wish to continue using SOOS, but my payment wasn't submitted on time.

How does SOOS handle payment errors?

Will I know before my subscription is terminated?

What are typo vulnerabilities?

How does SOOS identify typo issues?

Does SOOS allow me to run scans on demand?

I want to be able to initiate scans as needed.

Where can we find our suppressed issues?

We marked a number of issues as suppressed, where do we access them to re-assess?

Can SOOS stop my build if it detects vulnerabilities or violations?

I want to halt my project's build as soon as a vulnerability or violation is identified.

How many users are included in a subscription to SOOS?

I'm adding more developers to my project - are we covered with the SOOS flat fee?

Can SOOS ensure that specific package IDs and/or versions are avoided?

My company wants to avoid using specific package IDs and/or package versions in our product.

Can SOOS ensure only packages meeting my acceptance criteria are used?

My company wants to restrict the use of packages that do not meet our quality standards.

Can SOOS ensure open source licenses are appropriate for us to use?

My company needs to make sure our selected open source licenses don't limit how we use our software.

How can I report bugs in SOOS?

What to do if you come across a bug in SOOS

What Languages & Manifests does SOOS support?

Information on currently supported languages and manifests

How can I use SOOS to scan multiple languages simultaneously?

My team uses more than one language in our programming, can I easily scan them all together?

How often is SOOS updating open source vulnerability data?

Details on how often SOOS is providing new vulnerability data.

How do I remove a vulnerability from my issue list that can't be corrected?

SOOS made me aware of a vulnerability that can't happen from my code base.

How do I mark a vulnerability or typo issue as resolved?

I addressed the issue in my manifest, how can I remove the issue alert from my dashboard?

How do I mark a policy violation issue as resolved?

I have addressed the source of a policy violation, how do I remove the issue alert from my dashboard?

Can SOOS scan my Development Dependencies?

I want to look for vulnerabilities beyond just my production code.

What format does SOOS use to generate the SBOM file?

How is the Software Bill of Materials structured? What export file types are available?

What information is included in the Software Bill of Materials report?

Can the SBOM be customized for my needs?

Where can I report vulnerabilities that SOOS did not identify?

I think SOOS might have missed a vulnerability.

How do I integrate SOOS with my Issue Tracking system?

I want to be able to send issue fix recommendations to my ticketing system for my team to address.

How do I integrate SOOS with my CI/CD platform?

How can I give SOOS direct access to scan my projects?

How does SOOS implement recommended fixes into my project(s)?

Will SOOS make the corrections to my manifest for me?

What action is required to address issues marked as pending?

I have a number of issues in pending status, what needs to be done to move them to resolved?

Can SOOS ensure that packages with specific license names are avoided?

My company needs to make sure we don't include a specific license type in our project.

Has SOOS been impacted by Log4j?