All of our integration scripts have been migrated to TypeScript and are now published on NPM. Among other things, moving to typescript allows for more standardization and re-use between our scripts, and thus a more consistent user experience when integrating with SOOS.

Our legacy integration scripts will be deprecated on February 6 2024.  Beginning on that date, all scans using legacy integrations will fail - please upgrade your integration(s) now to avoid scan fail errors.

Visit to access the new integration scripts for all supported CI/CD systems. 


Below are changes to the available SCA script parameters to be aware of when converting your integration(s) to the new TypeScript versions.  For more information about the new TypeScript package please refer to SOOS Security Analysis wrapper script on GitHub.

Obsolete Parameters

TypeScript integrations for SOOS no longer use the following parameters previously employed in the Python scripts:

  • --mode
    • the default is now 'run and wait'
  • --resultMaxWait
  • --resultPollingInterval
  • --verbosity
  • --sarif
  • --gpat
New Parameters

TypeScript integrations introduce the following new parameters:

  • --outputFormat 
    • Replaces -sarif, -gpat
    • Example: --outputFormat="sarif"
  • --logLevel
    • Determines the minimum log level.  Options are: PASS, IGNORE, INFO, WARN or FAIL
Updated Parameters

The filesToExclude and directoriesToExclude parameters now utilize Glob pattern syntax for more precise targeting:

  • --filesToExclude
    • Use to exclude specific files
    • Example:   **/bin/start/**   or    /bin/start/
  • --directoriesToExclude     
    • Use to exclude entire directories
    • Example:  **/bin/start/requirements.txt   or   /bin/start/requirements.txt


We have migrated our DAST wrapper to TypeScript and updated it to better support the native ZAP options and configurations.  This not only allows for more flexibility when running DAST, but also removes some of the confusion around multiple configuration options.
Below please find a description of the changes to the available DAST parameters and considerations about which you should be aware.  Refer to this updated list of DAST parameters for additional information about the use of each.
Obsolete Parameters
  •  --authDisplay
  • --configFile
  • --contextUser
  • --gpat
  • --reportRequestHeaders
  • --rules
  • --sarif
  • --sarifDestination
  • --zapOptions
New Parameters
  • --verbose
  • --authVerificationURL
Updated Parameter
  • --level   changed to  --logLevel