SOOS is the affordable, easy-to-integrate Software Composition Analysis solution for your whole team.
Use SOOS to scan your software for vulnerabilities and open source license issues with SOOS Core SCA. Generate SBOMs. Govern your open source dependencies. Run the SOOS DAST vulnerability scanner against your web apps or APIs.
Demo SOOS or Register for a Free Trial.
If you maintain an Open Source project, sign up for the Free as in Beer SOOS Community Edition.
The SOOS SCA Plugin will locate and analyze any supported manifest files under the specified directory.
To use SOOS SCA Plugin you need to:
- C++ - Conan
- Cargo - Rust
- Composer - PHP
- Dart PM (Pub Package Manager) - Dart
- Go Modules - GoLang
- Gradle - Java & Kotlin
- Homebrew - (various languages)
- Maven - Java
- Mix - Elixir
- NuGet - .NET
- NPM (Node Package Manager) - Node
- PyPI - Python
- Rebar3 - Erlang
- Ruby Gems - Ruby
Our full list of supported manifest formats can be found here.
Visit soos.io to create your trial account.
Install or upgrade the SOOS SCA Plugin from Jenkins Plugin Manager with these steps. Once complete, you’re all set to add a SOOS SCA step to your projects.
Log in to your Jenkins instance to install the SOOS SCA Plugin. Navigate to Manage Jenkins > Manage Plugins and select the Available tab. Search for SOOS SCA and, from the list, check the radio button to install the plugin for your Jenkins installation. Then click the install button.
To manually install the plugin you have two options:
- Download and copy the plugin .hpi file into /plugins/, and restart the server.
- Download the .hpi file, log in to your Jenkins instance, go to Manage Jenkins > Manage Plugins and select the Advanced tab. Choose the soos-sca.hpi file and click the Upload button to install it.
SOOS SCA requires the following environment variables, which are passed to the plugin as parameters. Set them by checking "Environment variables" under Manage Jenkins > Configure System > Global Properties. The plugin cannot operate without them.
Property | Description |
---|---|
SOOS_CLIENT_ID | Provided to you when subscribing to SOOS services. |
SOOS_API_KEY | Provided to you when subscribing to SOOS services. |
These values can be found in the SOOS App under Integrate.
Select/Inputs | Default | Description |
---|---|---|
Project Name | "" | REQUIRED. A custom project name that will present itself as a collection of test results within your soos.io dashboard. |
Directories To Exclude | "" | List (comma separated) of directories (relative to ./) to exclude from the search for manifest files. Example - Correct: bin/start/ ... Example - Incorrect: ./bin/start/ ... Example - Incorrect: /bin/start/ |
Files To Exclude | "" | List (comma separated) of files (relative to ./) to exclude from the search for manifest files. Example - Correct: bin/start/manifest.txt ... Example - Incorrect: ./bin/start/manifest.txt ... Example - Incorrect: /bin/start/manifest.txt |
On Failure | "Fail the build" | Stop the build in case of failure. Alternative: "Continue on failure". |
Analysis Result Max Wait | 300 | Maximum seconds to wait for Analysis Result before exiting with error. |
Analysis Result Polling Interval | 10 | Polling interval (in seconds) for analysis result completion (success/failure). Min 10. |
API Base URL | "https://api.soos.io/api/" | The API BASE URI provided to you when subscribing to SOOS services. |
Package Manager | "" | Comma separated list of names of Package Managers to filter manifest search. |
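
The parameter rules above can be checked before a job is saved. The following is an added example, not part of the SOOS plugin or its documentation: the function names and the `SAMPLE` values are constructed for illustration, and only the rules stated in the table are enforced.

```python
# Added example: pre-flight check of SOOS SCA step parameters against the
# rules stated in the parameter table. Not part of the plugin.
ON_FAILURE = ("Fail the build", "Continue on failure")


def check_exclude_list(value):
    """Split a comma separated exclude list into (accepted, errors)."""
    accepted, errors = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # default "" or a stray comma
        if entry.startswith("./"):
            errors.append(f"{entry!r}: remove the leading './'")
        elif entry.startswith("/"):
            errors.append(f"{entry!r}: must be relative to ./, not absolute")
        else:
            accepted.append(entry)
    return accepted, errors


def check_params(params):
    """Return a list of problems for a dict keyed by the table's names."""
    problems = []
    if not params.get("Project Name", "").strip():
        problems.append("Project Name: REQUIRED")
    for key in ("Directories To Exclude", "Files To Exclude"):
        _, errors = check_exclude_list(params.get(key, ""))
        problems += [f"{key}: {e}" for e in errors]
    if params.get("On Failure", ON_FAILURE[0]) not in ON_FAILURE:
        problems.append("On Failure: unknown option")
    try:
        interval_ok = int(params.get("Analysis Result Polling Interval", 10)) >= 10
    except ValueError:
        interval_ok = False
    if not interval_ok:
        problems.append("Analysis Result Polling Interval: integer, min 10")
    return problems


# Constructed sample values, not taken from a real job.
SAMPLE = {
    "Project Name": "",
    "Directories To Exclude": "bin/start/, ./node_modules/",
    "Files To Exclude": "/bin/start/manifest.txt",
    "On Failure": "Continue on failure",
    "Analysis Result Polling Interval": "5",
}

if __name__ == "__main__":
    for problem in check_params(SAMPLE):
        print(problem)
```

Catching a rejected exclude entry before the scan runs makes it easier to confirm which directories and files are actually left out of the manifest search.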