SOOS Community Edition

The Community Edition is a free version of our SCA tool, designed to support open source projects. Register for Community Edition here.

Community Edition project must meet the following criteria:

• Meet the Open Source definition
• Be a public repository on GitHub
• Have a package published to a supported registry 
  • (for use with package-based badges, alternatively see scan-based badges)
• Use a SOOS badge in its ReadMe

To learn the specifics of the details that must be in sync between your SOOS account, open source package, and source repository, refer to our Community Edition Requirements article.

Learn more below about setting up projects in the Community Edition.

Creating a SOOS Community Edition Project

• SOOS Community Edition accounts exclusively support SCA scans via GitHub integrations via webhook or QuickScan.  Follow our instructions for GitHub Marketplace SOOS App Integration to complete the integration.
• For a quick start, add projects to your SOOS account using our QuickScan process by scanning a public repository.
• Once the scan has been initiated, SOOS will attempt to determine an open source package ID from any available manifest files in order to link the package to the project. 
  • Note that not all package managers support the definition of package IDs or versions in manifest files.
  • It may also be impossible to identify the open source package ID if multiple manifest files exist in the repository.
• If an open source package ID is identified in the repository's manifest, a project will be created in SOOS and the open source package will be linked to that project.
  
• If an open source package cannot be matched to your manifest, the project will be scanned and the desired open source package can be linked manually.

Manually Linking an Open Source Package

• If the scanned repository does not contain a package, the Link a package step can be skipped.  Proceed ahead to add a scan-based badge (see below).
  
• Within the project view select the Link a package chip.  In the provided form, enter the requested information about the package and select Save to establish the link.
  • You may opt to provide the specific Manifest Path to ensure future SOOS scans use the appropriate manifest when locating the version details.
    
    
    

Adding a Badge to the ReadMe

Repositories without a package must use one of the scan-based badge options.  Repositories with linked packages may use either scan-based or package-based badge options.  Preview the available badge options in our SOOS Badges article.

• Access the Manage tab and select the Add a Badge from the Badge Management section.
  
  
• The project and linked package (if applicable) will be pre-populated on the Create a Badge form.
• For package-based badges, select the Package Version for which the badge will be associated.
• Select the desired Badge Type to be displayed in your repository.
• Copy the provided markdown content generated for the badge and paste into the ReadMe file in the corresponding repository.
  
• When the badge has been successfully added to the ReadMe, the project will display a Badge Verified chip.
  
  

For troubleshooting errors experienced during Community Edition scans refer to our Community Edition Requirements article.

See our Version Tagging article to ensure the scan is linked to the correct package version.