Follow these instructions to get set up with SCA scanning in no time:
Running your first scan is quick and easy
- Create your first project by running a Manifest Scan to see issues without needing to integrate
- Use the simple Python script in your Terminal to easily run a scan of your local files.
Get Integrated
- Use GitHub, CI/CD, Script, and External Data Connection integrations to power up SOOS. We integrate with some of the most popular build systems to make it easy to start scanning your packages.
- Get SOOS hooked into your ticketing system so you can quickly and easily move suggested fixes into your standard development workflow
Build Governance Policies
- Create organizational policies around package and license use to ensure unwanted code is not accidentally brought into your projects. You can configure policies around:
  - License Name
  - Package Name
  - License Attributes
  - GitHub Attributes
  - Package Installs
  - Release Frequency
  - Dependency Depth
Configure SOOS
- Configure the SOOS application to handle your packages, dependencies, scans, and actions
- Settings can be set globally or at the individual project level
- Update your settings at any time
Research and Fix your Issues
- Review your issues and take action on any vulnerabilities or policy violations as they arise
- Helpful Tip: Add more users to really get the benefits of SOOS
Amp up your overall security by adding DAST Scanning