Using Package Masks

Under Package Mask Configurations you can specify your company's internal package naming convention.

Package masks help SOOS identify your internally developed packages when SCA scans are performed. Adding package masks helps SOOS link together projects and avoid gaps when generating dependency trees by ensuring that your internal packages are not shown as Unknown Package Issues within the dependency tree.

More importantly, it helps to warn you about Dependency Substitution attacks where a malicious actor may try to publish a public package with the same name as your internal packages.