Integrations
Integration information is found under the Integrate menu option. The Overview tab provides information on where various scan types fit into the traditional SDLC. Additional tabs exist for each of the types of scans supported by SOOS (see What Can SOOS Scan? for more information).
The layout and usage of each of the scan integration tabs are similar, the example below is for SCA.
The left tab menu, contains a selection of CI/CD systems for which SOOS has already created some boilerplate helper code, as well as a generic Script integration option which should work for any other system or to run locally.
The Account drop down will always contain you (the user's) credentials, but there may also be one or more Service Accounts listed. Selecting alternate accounts will change the API Keys available.
We strongly recommend using a Service Account for any integration run in an automated fashion, such as a CI/CD system.
Two API Keys are available and can be regenerated at any time, use a key rotation scheme to ensure that no downtime is necessary when changing/regenerating keys.
The Client ID (in addition to an API Key) is required for any script invocation.
Be sure to store your client id and API key securely.
For some systems there are multiple integration options, such as various file formats, in the example above there is only one listed.
Use the provided links to browse the Readme as well as the GitHub link to the open source script that will be run when you integrate.
A sample snippet for each supported environment is also provided (use the Environment drop down to change between Linux/Windows/Mac).
