SOOS

Modern AppSec

Software Composition Analysis

SOOS Software Composition Analysis provides a single dashboard to manage your open source packages and libraries.
The SOOS software composition analysis tools include a deep dependency tree vulnerability scan of your open source packages to mitigate security risks. SOOS SCA management also includes an analysis of the open source licenses for every package in your project/manifest.

SCAN YOUR CODE
AND TRY FOR FREE!*

Unlimited Projects. Unlimited Users. Unlimited Scans.
No credit card is required.

Sign up now
lock & key
  • Find Open Source Vulnerabilities
  • Research
  • Prioritize
  • Push Fixes
  • Monitor Vulnerabilities in Real Time

SOOS’ cloud-based Software Composition Analysis tool is setup up in minutes to scan your source repository manifests in real-time. The system automatically inventories and updates the analysis with every change. The open source vulnerability scan identifies vulnerable packages, indicates what the fix is, and integrates easily into the development team’s CI/CD pipeline and workflow tools to make fixing and monitoring easy. SOOS makes it easy to find all the license types included in the open source packages, libraries, and components of your project, as well as their dependencies. SOOS provides proprietary license attribution definitions that make it easy to spot open source license difficulties for commercial applications, web applications, internal applications, patentability, source modifications, installable applications, and attribution information.

Want to collect all the open source license names and open source license text in one place? SOOS makes that point-and-click easy by including that as options in the generation of the Software Bill of Materials (SBOM). SOOS stores the history of the project to give you the ability to understand the open source license changes over time.

What are open source vulnerabilities and where are they found?

Software coding flaws or misconfigurations can let attackers gain unauthorized access to a system or network. SOOS builds a comprehensive database by following the deep dependency tree of any open source project to find reported vulnerabilities and remediations (including those found deep in open source code project repositories like Github security issues) which is used by SOOS’s cloud-based software vulnerability scanner.

laptop
tablet

What else do you get with SOOS?

Unlimited Projects, Unlimited Users, Unlimited Scans, CI/CD Integrations, Typo Detection, Suggested Fixes, Rich Vulnerability Management Dashboards, SBOM generation, Open Source License Management, Issue Trackers, and a Robust Governance package.

Integrations

Ruby Logo
.NET Logo
JavaScript Logo
PHP Logo
Gradle Logo
Rust Logo
Dart Logo
Homebrew Logo
Elixir Logo
Erlang Logo

We support major programming languages.

Java LogoJava
Python LogoPython
Ruby LogoRuby
.NET Logo.NET
JavaScript LogoJavaScript
PHP LogoPHP
Gradle LogoGradle
Rust LogoRust
Dart LogoDart
Homebrew LogoHomebrew
Elixir LogoElixir
Erlang LogoErlang

Open source license libraries supported

Open source languages/package managers supported: Python/PiPI, Node/NPM, RUBY/RUBYGems, Java/Maven, and .NET/NuGet.

Don’t ignore your open source code any longer

Sign up now
Sooster Torso