FAQs

Supported Languages & Manifests

Information on currently supported languages and manifests

Using Lockfiles

Lockfiles vs non-lockfile manifests

SOOS DigitalOcean Add-On

Find SOOS in the DigitalOcean Add-On Marketplace

How do I integrate SOOS with my CI/CD platform?

How can I give SOOS direct access to scan my projects?

SOOS can't read my GitHub repository

I have integrated GitHub but my manifests are not detected.

What information is included in the Software Bill of Materials report?

Can the SBOM be customized for my needs?

What format does SOOS use to generate the SBOM file?

How is the Software Bill of Materials structured? What export file types are available?

Scanning Development Dependencies

Look for issues beyond production code

How do I integrate SOOS with my Issue Management system?

I want to be able to send issue fix recommendations to my ticketing system for my team to address.

My vulnerability doesn't have a fix available

What do I do if SOOS identified a vulnerability but does not have any recommended fixes?

Stop your build if there are vulnerabilities or violations

Halt your project's build as soon as a vulnerability or violation is identified.

Rotate API Keys to increase security!

Suggested for use with CI/CD and Python Script integrations

My CI/CD is integrated but my scans are failing

SOOS is returning manifest errors

Issues: Vulnerabilities

What are Vulnerability issue types?

Issues: Violations

What are Violation issue types?

Issues: Dependency Typos

What are Dependency Typos?

Issues: Dependency Substitutions

What are Dependency Substitutions?

Issues: Web Vulnerabilities

What are Web Vulnerability issue types?

What does "disputed" mean in the vulnerability details?

SOOS identified a vulnerability that is tagged as **DISPUTED**.

Does SOOS allow me to run scans on demand?

Addressing issues marked as pending

What needs to be done to resolve pending issues?

How to suppress an issue from your list

Choosing to address issues at a later time

Where can we find our suppressed issues?

We marked a number of issues as suppressed, where do we access them to re-assess?

Mark a vulnerability as resolved

How can I remove the issue alert from my dashboard?

Mark a policy violation issue as resolved

How do I remove a policy violation from my project?

Avoid specific package IDs and/or versions

We need to avoid using specific package IDs and/or package versions in our product.

Using Package Masks

What is a Package Mask and why do I need one?

Ensure only packages meeting acceptance criteria are used

My company wants to restrict the use of packages that do not meet our quality standards.

Ensure open source licenses are appropriate to use

Make sure your selected open source licenses don't limit how you use your software.

Ensure that packages with specific license names are avoided

We need to make sure we don't include a specific license type in our project.

Scan multiple languages simultaneously

We use more than one language, can they be scanned together?

How does SOOS protect my data?

Keeping your intellectual property confidential and free of vulnerabilities.

How long does it typically take SOOS to scan a project?

How much time should I budget for vulnerability scanning?

How often is SOOS updating open source vulnerability data?

Details on how often SOOS is providing new vulnerability data.

How often does SOOS rescan the NVD (National Vulnerability Database)?

Does SOOS keep up with vulnerability current events?

How often does SOOS rescan GitHub vulnerabilities?

How current are my scans?

How many users are included in a subscription to SOOS?

What is a Service Account User and when might I need to create one?

Use Service Accounts for integration purposes.

Reporting bugs in SOOS

What to do if you come across a bug in SOOS

Reporting vulnerabilities that SOOS did not identify

What happens at the end of my trial?

How do I renew my trial/subscription after it has expired?

I wish to continue using SOOS, but my payment wasn't submitted on time.

How does SOOS handle payment errors?

Will I know before my subscription is terminated?

Why am I not receiving a Multi-factor Authentication code email?

I am trying to log into my account but can't find my authentication code.

What browsers are supported by SOOS?

Are there certain browsers that SOOS is optimized to work with?

Has SOOS been impacted by Log4j?

SOOS is a SaaS product

How can I access SOOS?