SOOS Core

SOOS SCA:

• SOOS’s Software Composition Analysis (SCA) tool identifies vulnerabilities and license issues deep in your application's dependency tree, providing actionable fixes in seconds to keep your code compliant and secure. Quick scans, ticket auto-creation for fixes, and automatic SBOM creation and management help you fix issues when they’re easier to fix: before they’re released.

SOOS Exports:

• Easily export SBOMs in industry-standard formats like CycloneDX, SPDX, and SARIF to meet regulations, ensure compliance, and build trust. Include VEX attestations, access historical data for point-in-time views of software composition, and generate standalone CSAF VEX documents. Automate report generation in your CI/CD for historical use off-platform.

SAST:

• Use SOOS’s SAST tool to manage SAST results in the same view as your other vulnerability and license issues. Detect vulnerabilities early and save time by simplifying the security review process, auto-creating tickets in your issue manager, and configuring notifications.

DAST:

• Keep your production environments protected with SOOS DAST, which combines pipeline-integrated, no-limit web app and API scanning with configurable scan rules to surface the issues that matter most to your business, and not burden your developers with manual tool operations.

Containers:

• Find problems earlier with SOOS’s deep-tree scanning for your containers. Quickly identify and prioritize fixes with business-specific and risk-based rules, and automatically create tickets in your issue manager to stay in your workflow.