FAQ

Scanning Development Dependencies

1min
by default soos does not scan dev/test dependencies for ci/cd integrated scans, however this setting may be enabled under dependency configurations docid\ au5a2yyr9kchwhitdl u1 dependencies matching the following descriptions will be considered dev dependencies and will be ignored unless include dev/test dependencies is enabled dependencies in manifests (all languages) marked as optional specific to java projects dependencies marked with a < scope>test\</scope> tag or \<scope>import\</scope> tag dependencies listed under a \<plugin> section dependencies listed under a \<profile> section marked with \<id>test\</id>, \<id>debug\</id> , \<id>demo\</id> , or \<id>build\</id> all scans performed on uploaded manifests via the run a quickscan docid\ btqhfzqnd61qathhnhhb7 feature will include dev/test dependencies by default