Software Composition Analysis
SOOS Software Composition Analysis provides a single dashboard to manage your open source packages and libraries.
The SOOS software composition analysis tools include a deep dependency tree vulnerability scan of your open source packages to mitigate security risks. SOOS SCA management also includes an analysis of the open source licenses for every package in your project/manifest.
SCAN YOUR CODE
AND TRY FOR FREE!*
Unlimited Projects. Unlimited Users. Unlimited Scans.
No credit card is required.
- Find Open Source Vulnerabilities
- Push Fixes
- Monitor Vulnerabilities in Real Time
SOOS’ cloud-based Software Composition Analysis tool is setup up in minutes to scan your source repository manifests in real-time. The system automatically inventories and updates the analysis with every change. The open source vulnerability scan identifies vulnerable packages, indicates what the fix is, and integrates easily into the development team’s CI/CD pipeline and workflow tools to make fixing and monitoring easy. SOOS makes it easy to find all the license types included in the open source packages, libraries, and components of your project, as well as their dependencies. SOOS provides proprietary license attribution definitions that make it easy to spot open source license difficulties for commercial applications, web applications, internal applications, patentability, source modifications, installable applications, and attribution information.
Want to collect all the open source license names and open source license text in one place? SOOS makes that point-and-click easy by including that as options in the generation of the Software Bill of Materials (SBOM). SOOS stores the history of the project to give you the ability to understand the open source license changes over time.
What are open source vulnerabilities and where are they found?
Software coding flaws or misconfigurations can let attackers gain unauthorized access to a system or network. SOOS builds a comprehensive database by following the deep dependency tree of any open source project to find reported vulnerabilities and remediations (including those found deep in open source code project repositories like Github security issues) which is used by SOOS’s cloud-based software vulnerability scanner.
What else do you get with SOOS?
Unlimited Projects, Unlimited Users, Unlimited Scans, CI/CD Integrations, Typo Detection, Suggested Fixes, Rich Vulnerability Management Dashboards, SBOM generation, Open Source License Management, Issue Trackers, and a Robust Governance package.
We support major programming languages.
Open source license libraries supported
Open source languages/package managers supported: Python/PiPI, Node/NPM, RUBY/RUBYGems, Java/Maven, and .NET/NuGet.