SCA Scans

  • Full scan - SOOS performs a full scan via integrated repositories or CI/CD systems when a commit is made or a build is kicked off.  Manually uploading a manifest to scan in the SOOS UI will also perform a full scan.  This scan obeys all Dependency and Scan settings at the global and/or project level found on the Configure page at the time of the scan.

  • Refresh scan - SOOS performs an automatic daily refresh scan on all existing project branches configured for a daily scan in the Branch Filter found on the Configure page.  This scan uses the most recently scanned manifest versions and applies all scan settings that were in place at the time of the previous full scan, as well as the Scan Full Dependency Tree setting in place at the time of the scan.

  • Rescan - Users can initiate a rescan at any time using the 'rescan now' link in the upper right corner of the project detail page.  Similar to a refresh scan, this scan will use the most recently scanned manifest and all previously applied scan settings, as well as the Scan Full Dependency Tree setting in place at the time of the scan.


DAST Scan Modes

  • Baseline scan - The script does not perform an actual 'attack' and is quick to run, taking only a few minutes.
  • Full scan - The script does perform actual 'attacks' and can take much longer to run.  Note that the time limit for SOOS DAST scans is 3 hours.
    • To see the list of tests performed during baseline scan mode, visit the Zaproxy link above and filter for the Active type.

  • API scan - This is used specifically to scan APIs defined by OpenAPI, SOAP, or GraphQL via a local file or URL.


SBOM Scans

  • Full scan - Each time an SBOM file is uploaded in the SOOS UI, a full scan is performed.  Scan settings on the Configure page do not apply to SBOM scans.

  • Refresh scan - SBOM refresh scans occur daily; no configuration is needed to ensure refresh scans occur on SBOM projects.  The most recently uploaded SBOM version will be scanned.

  • Rescan - Similar to SCA rescans, users can manually initiate a rescan for any SBOM using the 'rescan now' link.  The most recently uploaded SBOM data will be used.