The following report types are available to all SOOS accounts, all are available in HTML and CSV file formats:

  • SCA reports:
    • "SOOS Vulnerabilities"
      • Severity, CVE ID, affected package, and link to more information for all vulnerabilities in the given project.
    • "SOOS Packages"
      • Package ID, version, and link to package details for all packages in the given project.
    • "SOOS Licenses"
      • License name, SPDX ID, link to license details, and full license text for all licenses in the given project.
  • DAST report:
    • "SOOS Issues"
      • Issue severity and title (with CWE ID) for all web vulnerabilities in the given project.
    • SARIF

SOOS accounts with access to SBOM Export or SBOM Manager license will also have the ability to produce the following reports for SCA scans:

  • SPDX SBOM
  • CycloneDX SBOM (VEX details included)
  • CSAF VEX document
  • SARIF

SOOS accounts with access to SAST scanning can produce the following reports:

  • "SOOS Issues" (export as HTML and CSV)
  • SARIF (export as JSON)

To Generate SOOS Reports for Export:

Reports can be generated for both current scan data and historical scan data.

Latest Scan
  1. From the SOOS dashboard select the desired project.  Once on the Project Details page click the Export tab.
    Project detail page displaying Export tab
  2. On the Export tab select Latest SCA Scan or Latest DAST Scan depending on the report required.
  3. Select the type of report to generate in the Export Format dropdown, as well as the applicable File Type.
    Note - By default SCA SBOMs will not include vulnerabilities.  To include vulnerability information in your SBOM export select the Include Vulnerabilities box.
    Include Vulnerabilities selection
  4. Select Generate Export when all selections are complete.

  5. When the Export is generating  you may navigate away from this page.  Once the Export is ready for download it can be found in the Recent Exports list in the left nav, or at the bottom of the Export tab for the desired project.

    Recent Exports list

Historical Scans
  1. While viewing the Project Detail page, select the History tab.
  2. Locate the date/time of the desired scan and select the Export icon.  This will open the Export tab - ensure the correct date/time of the desired scan is shown in the Scan to Export field.
  3. Select the necessary options and Generate Export, as outlined above.
  4. Repeat for all other historical scan data as needed.
    Historical scan list indicating historical export option
    Scan to export date and time stamp