Follow these instructions to get set up with SCA scanning in no time:

  1. Run a Manifest Scan

    • Create your first project by running a Manifest Scan to see issues without needing to integrate

  2. Get Integrated

  3. Build Governance Policies

    • Create organizational policies around package and license use to ensure unwanted code is not accidentally brought into your projects. You can configure policies around:

      • License Name
      • Package Name
      • License Attributes
      • GitHub Attributes
      • Package Installs
      • Release Frequency
      • Dependency Depth

  4. Configure SOOS

    • Configure the SOOS application to handle your packages, dependencies, scans, and actions

    • Settings can be set globally, or at the individual project level

    • Update your settings at any time
         
  5. Research and Fix your Issues

  6. Amp up your overall security by adding DAST Scanning