All of our integration scripts have been migrated to TypeScript and are now published on NPM. Among other things, moving to typescript allows for more standardization and re-use between our scripts, and thus a more consistent user experience when integrating with SOOS.
Our legacy integration scripts will be deprecated on February 6 2024. Beginning on that date, all scans using legacy integrations will fail - please upgrade your integration(s) now to avoid scan fail errors.
Visit app.soos.io/integrate to access the new integration scripts for all supported CI/CD systems.
SCA
Below are changes to the available SCA script parameters to be aware of when converting your integration(s) to the new TypeScript versions. For more information about the new TypeScript package please refer to SOOS Security Analysis wrapper script on GitHub.
Obsolete Parameters
TypeScript integrations for SOOS no longer use the following parameters previously employed in the Python scripts:
--mode
- the default is now 'run and wait'
--resultMaxWait
--resultPollingInterval
--verbosity
--sarif
--gpat
New Parameters
TypeScript integrations introduce the following new parameters:
--outputFormat
- Replaces
-sarif,
-gpat
- Example:
--outputFormat="sarif"
- Replaces
--logLevel
- Determines the minimum log level. Options are: PASS, IGNORE, INFO, WARN or FAIL
Updated Parameters
The filesToExclude
and directoriesToExclude
parameters now utilize Glob pattern syntax for more precise targeting:
--filesToExclude
- Use to exclude specific files
- Example:
**/bin/start/**
or/bin/start/
--directoriesToExclude
- Use to exclude entire directories
- Example:
**/bin/start/requirements.txt
or/bin/start/requirements.txt
DAST
Obsolete Parameters
- --authDisplay
- --configFile
- --contextUser
- --gpat
- --reportRequestHeaders
- --rules
- --sarif
- --sarifDestination
- --zapOptions
New Parameters
- --verbose
- --authVerificationURL
Updated Parameter
- --level changed to --logLevel