Getting Started with SOOS

What Can SOOS Scan?

3min

SOOS supports many different types of scanning based on your tech stack and requirements. Each scan type has multiple ways of integration, most support integration through numerous CI systems, file upload, or direct GitHub integration. All scan types that SOOS supports will flow into the Dashboards and can be viewed alongside your other scan results.

Component/Dependency Analysis

Software Composition Analysis (SCA)

SCA helps ensure that the open source components that developers embed in their applications do not introduce risk.

Container Scanning

Container scanning helps ensure that containers deployed (or built upon) by an organization do not introduce risk.

Software Bill of Materials (SBOM) Scanning

SBOM scanning ensures that first or third party SBOMs do not introduce risk.

  • Proprietary and Patented Analysis
  • Full Dependency Tree Creation
  • Vulnerability Analysis
  • License Analysis
  • Governance Policies
  • Issue Creation
  • Report Generation
  • Compliance

Web Application Analysis

Dynamic Application Security Testing (DAST)

DAST scanning helps identify problems and vulnerabilities found in web applications by running scans against deployed web applications on demand.

  • Built on top of ZAP
  • No Limit Endpoint Scanning
  • Multiple Authentication Flows
  • API Scanning
  • Centralized Reporting
  • Issue Creation
  • Governance Policies

Code Analysis

Static Application Security Testing (SAST/Secrets)

SAST helps ensure that security issues or bad practices are not found in source code and are caught early in the development process.

  • Bring your own SAST/Secrets Tool
  • Centralized Reporting
  • Issue Creation
  • Governance Policies



Updated 05 Mar 2025
Doc contributor
Did this page help you?
PREVIOUS
Who is SOOS?
NEXT
What Does SOOS Access and Store?
Docs powered by Archbee