Software Composition Analysis

SOOS Software Composition Analysis provides a single dashboard to manage your open source packages and libraries.
The SOOS software composition analysis tools include a deep dependency tree vulnerability scan of your open source packages to mitigate security risks. SOOS SCA management also includes an analysis of the open source licenses for every package in your project/manifest.

Scan your code
AND TRY FOR FREE!*


Unlimited Projects. Unlimited Users. Unlimited Scans.
No credit card is required.

SIGN UP NOW
  • Find Open Source Vulnerabilities
  • Research
  • Prioritize
  • Push Fixes
  • Monitor Vulnerabilities in Real Time

SOOS’ cloud-based Software Composition Analysis tool is setup up in minutes to scan your source repository manifests in real-time. The system automatically inventories and updates the analysis with every change. The open source vulnerability scan identifies vulnerable packages, indicates what the fix is, and integrates easily into the development team’s CI/CD pipeline and workflow tools to make fixing and monitoring easy. SOOS makes it easy to find all the license types included in the open source packages, libraries, and components of your project, as well as their dependencies. SOOS provides proprietary license attribution definitions that make it easy to spot open source license difficulties for commercial applications, web applications, internal applications, patentability, source modifications, installable applications, and attribution information.

Want to collect all the open source license names and open source license text in one place? SOOS makes that point-and-click easy by including that as options in the generation of the Software Bill of Materials (SBOM). SOOS stores the history of the project to give you the ability to understand the open source license changes over time.

What are open source vulnerabilities and where are they found?

Software coding flaws or misconfigurations can let attackers gain unauthorized access to a system or network. Open source code packages and libraries can have these vulnerabilities. When these flaws are identified in an open source package they are reported in the National Vulnerabilities Database (NVD) and the Common Vulnerabilities and Exposures (CVE) systems. Additionally, SOOS’s cloud-based software vulnerability scanner includes vulnerabilities that are listed in Github issues.

What else do you get with SOOS?

Unlimited Projects, Unlimited Users, Unlimited Scans, CI/CD Integrations, Typo Detection, Suggested Fixes, Rich Vulnerability Management Dashboards, SBOM generation, Open Source License Management, Issue Trackers, and a Robust Governance package.

Open source license libraries supported

Open source languages/package managers supported: Python/PiPI, Node/NPM, RUBY/RUBYGems, Java/Maven, and .NET/NuGet.

Start scanning your open source for vulnerabilities with our free trial