Scanning Frequencies
SOOS uses different scanning frequencies based on the type of scan being run. We'll outline those below and also explain how to configure these frequencies.
Before diving into the frequencies, we should note that unlike other platforms, SOOS encourages the use of per commit scanning as well as daily rescans. Meaning, we suggest that you configure your build or deploy pipeline to run SOOS on every change and also support automatic daily rescans so that even less active projects are continually checked for new issues and vulnerabilities. SOOS provides advanced configuration options to allow scan configurations per branch, as outlined below.
This approach is different than many other platforms which simply perform one daily scan.
Running a scan on every commit using a CI/CD or Webhook integration with SOOS ensures that code changes, as well as new vulnerabilities detected during the day, will be identified immediately using SOOS' patented analysis engine. At any point in time you can also force a scan by selecting "Rescan" under your project/branch in the UI.
Additionally, SOOS can be configured to rescan specific branches on a daily schedule if no scans previously ran that day. You may also notice here that there are a few other settings that can be configured per branch, learn more about these under Branch Scan Configurations.
We recommend running more frequent Baseline scans, such as with each deployment and running scheduled (usually daily) Full scans. Visit DAST Scan Modes to learn more about the differences between these types of scans.
Because SOOS provides a SAST/Secrets connector and not an implementation we recommend following the recommendations from the tool provider, but we are happy to ingest SAST results as often as necessary.
