SOOS has a unique approach to scanning private internal packages and package (or project) references within projects which does not require any SOOS app or hooks within your internal environment.

Private Internal Packages

To scan your private internal packages from the SOOS application, you must first define a package mask, either globally or for specific projects on the Configure page. 

Once a project mask has been defined SOOS will identify projects based on a match between the mask and the name of the packages. These packages will display the following info message in the Dependency Detail view, and are identified in the dependency tree using the same icon seen in the message.

SOOS UI Internal Package notification message

In the following example, a package mask has been defined for [xyz_company*].  For the purposes of the screenshot, the identifier [xyz_company] has been obscured from the package names.  Since we have a package mask for [xyz_company*], SOOS was able to mark the package "xyz_company.commmon" as internal, rather than 'unknown'.

SOOS UI Dependency tree displayinjg Internal package icon and notificaiton message

The further benefit of defining package masks is that it allows SOOS scans to detect any possible dependency substitutions.

If SOOS finds a project name exactly matching the package (in our example a scan would need to exist for a project named “xyz_company.common”), then the package will be linked to that project in the dependency details, allowing you to navigate to the scan for the internal package.

Linked Projects

For some languages SOOS will resolve project references and package inheritance between linked projects within a solution.

In the screenshot above, you can see that the package “xyz_company.repository” has sub-dependency packages. This is a .NET project reference so we will ensure that all packages for the .repository package are also listed in the tree.