FAQs

Supported Languages & Manifests

Information on currently supported languages and manifests

Using Lockfiles

Lockfiles vs non-lockfile manifests

SOOS DigitalOcean Add-On

How do I integrate SOOS with my CI/CD platform?

How can I give SOOS direct access to scan my projects?

SOOS can't read my GitHub repository

I have integrated GitHub but my manifests are not detected.

Scanning Development Dependencies

Look for issues beyond production code

How do I integrate SOOS with my Issue Management system?

I want to be able to send issue fix recommendations to my ticketing system for my team to address.

My vulnerability doesn't have a fix available

What do I do if SOOS identified a vulnerability but does not have any recommended fixes?

Stop your build if there are vulnerabilities or violations

Halt your project's build as soon as a vulnerability or violation is identified.

Rotate API Keys to increase security!

Suggested for use with CI/CD and Script integrations

My CI/CD is integrated but my scans are failing

SOOS is returning manifest errors

Issues: Vulnerabilities

What are Vulnerability issue types?

Issues: Violations

What are Violation issue types?

Issues: Dependency Typos

What are Dependency Typos?

Issues: Dependency Substitutions

What are Dependency Substitutions?

Issues: Web Vulnerabilities

What are Web Vulnerability issue types?

What does "disputed" mean in the vulnerability details?

SOOS identified a vulnerability that is tagged as **DISPUTED**.

Does SOOS allow me to run scans on demand?

Addressing issues marked as pending

What needs to be done to resolve pending issues?

How to attest an issue in your list

Choosing to address issues at a later time

Where can we find our attested vulnerabilities?

We attested a number of vulnerabilities, where do we access them to re-assess?

Mark a vulnerability as resolved

How can I remove the issue alert from my dashboard?

Mark a policy violation issue as resolved

How do I remove a policy violation from my project?

Avoid specific package IDs and/or versions

We need to avoid using specific package IDs and/or package versions in our product.

Using Package Masks

What is a Package Mask and why do I need one?

Ensure only packages meeting acceptance criteria are used

My company wants to restrict the use of packages that do not meet our quality standards.

Ensure open source licenses are appropriate to use

Make sure your selected open source licenses don't limit how you use your software.

Ensure that packages with specific license names are avoided

We need to make sure we don't include a specific license type in our project.

Scan multiple languages simultaneously

We use more than one language, can they be scanned together?

How does SOOS protect my data?

Keeping your intellectual property confidential and free of vulnerabilities.

How long does an SCA scan take?

How often is SOOS updating open source vulnerability data?

Details on how often SOOS is providing new vulnerability data.

How often does SOOS rescan the NVD (National Vulnerability Database)?

Does SOOS keep up with vulnerability current events?

How often does SOOS rescan GitHub Advisory Database?

How current are my scans?

How many users are included in a subscription to SOOS?

What is a Service Account User and when might I need to create one?

Use Service Accounts for integration purposes.

Reporting bugs in SOOS

What to do if you come across a bug in SOOS

Reporting vulnerabilities that SOOS did not identify

What happens at the end of my trial?

What do I do if I want to make a payment after my trial expires?

I wish to continue using SOOS, but my payment wasn't submitted on time.

How does SOOS handle payment errors?

Why am I not receiving a Multi-factor Authentication code email?

I am trying to log into my account but can't find my authentication code.

What browsers are supported by SOOS?

Are there certain browsers that SOOS is optimized to work with?

Has SOOS been impacted by Log4j?

SOOS is a SaaS product

How can I access SOOS?

Email address is already in use

Branch is not being scanned

Scanning Private/Internal Packages

How does SOOS handle private packages in scans?

Adding more seats

Add to your subscription at any time

What is a "Contributing Developer"?

How many seats do you need to purchase?

Scan Timeouts

Scan Types

A look at the different scans SOOS performs and when they are used.

Exploitable Vulnerabilities

Are your vulnerabilities likely to be exploited?

Scanning tags and commit hashes

Currently available only for GitHub Actions

How does SOOS determine vulnerability severity?

TypeScript changes

The following changes should be considered when converting to SOOS TypeScript integrations

Issues: Unknown Packages

What are Unknown Packages issues?

Issues: Code Issues

What are Code Issues?