The following report types are available to all SOOS accounts, all are available in HTML and CSV file formats:

  • SCA reports:
    • "SOOS Vulnerabilities"
      • Severity, CVE ID, affected package, and link to more information for all vulnerabilities in the given project.
    • "SOOS Packages"
      • Package ID, version, and link to package details for all packages in the given project.
    • "SOOS Licenses"
      • License name, SPDX ID, and link to license details for all licenses in the given project.
  • DAST report:
    • "SOOS Issues"
      • Issue severity and title (with CWE ID) for all web vulnerabilities in the given project.

SOOS accounts with access to SBOM Export (see pricing) or SBOM Manager license will also have the ability to produce the following reports for SCA scans:

  • CycloneDX SBOM (VEX details included)
  • CSAF VEX document
  • SARIF (also available for DAST scans)

All Community Edition accounts and accounts in trial will also have access to SBOM, VEX, and SARIF exports.

To Generate SOOS Reports for Export:

Reports can be generated for both current scan data and historical scan data.

Latest Scan
  1. From the SOOS dashboard select the desired project.  Once on the Project Details page click the Export tab.
  2. On the Export tab select Latest SCA Scan or Latest DAST Scan depending on the report required.
  3. Select the type of report to generate in the Export Format dropdown, as well as the applicable File Type.
    Note - By default SCA SBOMs will not include vulnerabilities.  To include vulnerability information in your SBOM export select the Include Vulnerabilities box.
  4. Select Generate Export when all selections are complete.
  5. When the Export is generating  you may navigate away from this page.  Once the Export is ready for download it can be found in the Recent Exports list in the left nav, or at the bottom of the Export tab for the desired project.

Historical Scans
  1. While viewing the Project Detail page, select the History tab.
  2. Locate the date/time of the desired scan and select the Export icon.  This will open the Export tab - ensure the correct date/time of the desired scan is shown in the Scan to Export field.
  3. Select the necessary options and Generate Export, as outlined above.
  4. Repeat for all other historical scan data as needed.