SOOS - Software security, simplified.

SOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. SOOS, Software security, simplified.

Use SOOS to scan your software for vulnerabilities and open source license issues with SOOS Core SCA. Generate and ingest SBOMs. Export reports to industry standards. Govern your open source dependencies. Run the SOOS DAST vulnerability scanner against your web apps or APIs. Scan your Docker containers for vulnerabilities. Check your source code for issues with SAST Analysis.

Demo SOOS or Register for a Free Trial.

If you maintain an Open Source project, sign up for the Free as in Beer SOOS Community Edition.

Overview

This task allows you to run SCA, DAST, SAST, SBOM, and Container scans against your code from within your Azure Pipelines. (Subscription dependent)
To get started, you will need a SOOS account. A free 30-day trial is included that allows SCA, DAST, and SBOM scans.

Getting Started

To start scanning, follow the integration guides:

• SCA
• DAST
• SBOM
• Containers
• SAST

SOOS Core SCA Features

• Identify vulnerable dependencies within your project manifests (Node, Ruby, Python, Java, .Net, etc.). Our full list of supported manifest formats can be found here.
• Robust license and governance policies
• Support for Azure DevOps, Jira, and GitHub issue management
• Export in multiple formats including CycloneDX and Sarif
• Full scan histories

SOOS DAST Features

• All of the features included with SOOS Core SCA
• Scan web apps and APIs (OpenAPI, GraphQL, and SOAP) for vulnerabilities

SOOS SBOM Features

• Ingest, manage, and continually monitor third party SBOMs
• Add SBOMs generated by your in house software developers using SOOS SCA
• Use our API to access any of our 64M+ open source SBOMs

SOOS Containers Features

• SOOS Container Security combines the power of SOOS’s deep dependency tree scanning of applications with the container vulnerability scanning
• Wolfi, Fedora, Alpine linux support and more!

SOOS SAST Features

• Static code analysis
• Sarif import and issue management

Support

For assistance, please check our knowledge base or contact support.