Getting Started with SOOS

What Can SOOS Scan?


SOOS supports many different types of scanning, depending on your tech stack and requirements. Each scan type can be integrated in several ways; most support integration through numerous CI systems, file upload, or direct GitHub integration. Results from every scan type SOOS supports flow into the Dashboards, where they can be viewed alongside your other scan results.

Software Composition Analysis (SCA)

SCA helps ensure that the open source components that developers embed in their applications meet basic security standards and do not introduce risk to the organization.

SOOS Core SCA runs a proprietary, patented, analysis engine which performs deep dependency analysis, license analysis, vulnerability detection and cryptographic validation using our database of 84+ million packages.

Dynamic Application Security Testing (DAST)

DAST tools are crucial to use in combination with Software Composition Analysis (SCA). There can be a huge difference between vulnerabilities found in code running in real-time vs. the static code stored in a repository.

SOOS DAST wraps the ZAP tool and ingests the results into our central dashboards so results can be viewed alongside all our other supported scan types.

Software Bill of Materials (SBOM)

SBOM scanning ensures that first and third party SBOMs can be scanned to identify vulnerabilities and other issues within an organization's software inventory, including all components and dependencies used in building applications. This comprehensive analysis helps in maintaining transparency and security throughout the software supply chain.

SOOS SBOM scanning is built on the same proprietary, patented analysis engine as our SCA scanning, which runs deep dependency analysis, license analysis, and vulnerability detection using our database of 84+ million packages. SOOS SBOM will continually monitor your SBOMs for new threats, and will automatically link together dependent SBOMs.

Containers

Container scanning catches issues in an organization's deployed applications, as well as in the runtime packages and supporting applications those images need in order to run.

SOOS Container scanning is built on the same proprietary, patented analysis engine as our SCA scanning, which runs deep dependency analysis, license analysis, and vulnerability detection using our database of 84+ million packages.

Static Application Security Testing (SAST)

SAST is a key security process that examines source code for vulnerabilities. It's automated, used early in development, and identifies potential security flaws in code. SAST analyzes code from within, seeking patterns indicating weaknesses. It helps ensure code security and compliance with standards, enhancing software security and reliability.

SOOS supports a SAST connector approach, where you provide the SAST tool you want to use and SOOS will ingest the results to display in our central dashboards, supporting ticket creation, suppressions, and reporting.

Secrets Detection

Secrets detection analyzes source code and configuration files to ensure that API keys, connection strings, and other sensitive information are not exposed.

SOOS supports a Secret connector approach, where you provide the Secret detection tool you want to use and SOOS will ingest the results to display in our central dashboards, supporting ticket creation, suppressions, and reporting.