FAQs

Why am I not receiving a Multi-factor Authentication code email?

I am trying to log into my account but can't find my authentication code.

Supported Languages & Manifests

Information on currently supported languages and manifests

What information is included in the Software Bill of Materials report?

Can the SBOM be customized for my needs?

What format does SOOS use to generate the SBOM file?

How is the Software Bill of Materials structured? What export file types are available?

How do I integrate SOOS with my CI/CD platform?

How can I give SOOS direct access to scan my projects?

How do I integrate SOOS with my Issue Management system?

I want to be able to send issue fix recommendations to my ticketing system for my team to address.

Stop your build if there are vulnerabilities or violations

Halt your project's build as soon as a vulnerability or violation is identified.

My CI/CD is integrated but my scans are failing

SOOS is returning manifest errors

SOOS can't read my GitHub repository

I have integrated GitHub but my manifests are not detected.

How often does SOOS rescan the NVD (National Vulnerability Database)?

Does SOOS keep up with vulnerability current events?

How often does SOOS rescan GitHub vulnerabilities?

How current are my scans?

How long does it typically take SOOS to scan a project?

How much time should I budget for vulnerability scanning?

My vulnerability doesn't have a fix available

What do I do if SOOS identified a vulnerability but does not have any recommended fixes?

What browsers are supported by SOOS?

Are there certain browsers that SOOS is optimized to work with?

Can I ingest an SBOM to be scanned by SOOS?

I want to reverse engineer a project in SOOS using an existing Software Bill of Materials.

Can I scan an SBOM without access to the source code?

Can I work backward from a Software Bill of Materials?

What is a Service Account User and when might I need to create one?

Use Service Accounts for integration purposes.

What does "disputed" mean in the vulnerability details?

SOOS identified a vulnerability that is tagged as **DISPUTED**.

How does SOOS protect my data?

Keeping your intellectual property confidential and free of vulnerabilities.

How do I renew my trial/subscription after it has expired?

I wish to continue using SOOS, but my payment wasn't submitted on time.

How does SOOS handle payment errors?

Will I know before my subscription is terminated?

Does SOOS allow me to run scans on demand?

Where can we find our suppressed issues?

We marked a number of issues as suppressed, where do we access them to re-assess?

How many users are included in a subscription to SOOS?

Avoid specific package IDs and/or versions

We need to avoid using specific package IDs and/or package versions in our product.

Ensure only packages meeting acceptance criteria are used

My company wants to restrict the use of packages that do not meet our quality standards.

Ensure open source licenses are appropriate to use

Make sure your selected open source licenses don't limit how you use your software.

Reporting bugs in SOOS

What to do if you come across a bug in SOOS

Scan multiple languages simultaneously

We use more than one language, can they be scanned together?

How often is SOOS updating open source vulnerability data?

Details on how often SOOS is providing new vulnerability data.

How to suppress an issue from your list

Choosing to address issues at a later time

Mark a vulnerability as resolved

How can I remove the issue alert from my dashboard?

Mark a policy violation issue as resolved

How do I remove a policy violation from my project?

Scanning Development Dependencies

Look for issues beyond production code

Reporting vulnerabilities that SOOS did not identify

Pushing recommended fixes to your DevOps workflow

SOOS sends issue correction details to your issue management system

Addressing issues marked as pending

What needs to be done to resolve pending issues?

Ensure that packages with specific license names are avoided

We need to make sure we don't include a specific license type in our project.

Has SOOS been impacted by Log4j?

Using Lockfiles

Lockfiles vs non-lockfile manifests

Issues: Dependency Typos

What are Dependency Typos?

Issues: Dependency Substitutions

What are Dependency Substitutions?

Using Package Masks

What is a Package Mask and why do I need one?

Issues: Vulnerabilities

What are Vulnerability issue types?

Issues: Violations

What are Violation issue types?

Issues: Web Vulnerabilities

What are Web Vulnerability issue types?

What happens at the end of my trial?

Rotate API Keys to increase security!

Suggested for use with CI/CD and Python Script integrations

SOOS DigitalOcean Add-On

Find SOOS in the DigitalOcean Add-On Marketplace