When performing an SCA scan, SOOS may occasionally encounter packages which are unknown. When this occurs, the following notification will be displayed on the Project Details page.

SOOS UI message on Project details page warning about packages in the scan that are not foud in the SOOS database

When an unknown package is reported for a scan, SOOS will display any available information about the package in the detail pane of the Dependencies tab, as well as possible reasons the package was unable to be located.  In the meantime, SOOS will continue to attempt to locate the package.  If/when the package is found the details will update in your project the next scan.

If the package is unknown because it is an internal package SOOS will not be able to locate it to provide details.  If this is the case, use the link provided in the alert to access the Configure page to create a package mask. Read about how to create a package mask and the other benefits of setting up package masks in our Using Package Masks article.

Note - be aware that SOOS cannot provide an assessment of the presence (or absence) of vulnerabilities and/or license identification for unknown packages.

SOOS UI message on dependency tree warning about packages in scan not found