soos-sca

SOOS Core SCA

SOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. SOOS, Software security, simplified.

Use SOOS to scan your software for vulnerabilities and open source license issues with SOOS Core SCA. Generate SBOMs. Govern your open source dependencies. Run the SOOS DAST vulnerability scanner against your web apps or APIs.

Demo SOOS or Register for a Free Trial.

If you maintain an Open Source project, sign up for the Free as in Beer SOOS Community Edition.

soos-ci-analysis-python

Python script to run SOOS Core SCA

Supported Languages and Package Managers

Our full list of supported manifest formats can be found here.

Need an Account?

Visit soos.io to create your trial account.

Running the Script

See Script Knowlege Base Documentation

Linux Shell Script Example

See Linux GitHub Gist

Windows CMD Script Example

See Windows Batch File Gist

Script Arguments

Argument	Default	Description
-h, --help	==SUPPRESS==	show this help message and exit
-hf, --helpFormatted	False	Print the --help command in markdown table format
-m, --mode	run_and_wait	Mode of operation: run_and_wait: Run Analysis & Wait ** Default Value, async_init: Async Init, async_result: Async Result For more information about scan modes, visit https://github.com/soos-io/kb-docs/blob/main/SCA/Script.md
-of, --onFailure	continue_on_failure	On Failure: fail_the_build: Fail The Build continue_on_failure: Continue On Failure ** Default Value
-dte, --directoriesToExclude	None	Listing of directories (relative to ./) to exclude from the search for manifest files. Example - Correct: bin/start/ Example - Incorrect: ./bin/start/ Example - Incorrect: /bin/start
-fte, --filesToExclude	None	Listing of files (relative to ./) to exclude from the search for manifest files. Example - Correct: bin/start/requirements.txt Example - Incorrect: ./bin/start/requirements.txt Example - Incorrect: /bin/start/requirements.txt
-wd, --workingDirectory	None	Absolute path where SOOS may write and read persistent files for the given build. Example - Correct: /tmp/workspace/ Example - Incorrect: ./bin/start/ Example - Incorrect: tmp/workspace
-armw, --resultMaxWait	300	Maximum seconds to wait for Analysis Result. Default 300.
-arpi, --resultPollingInterval	10	Polling interval (in seconds) for analysis result completion (success/failure). Min value: 10
-pm, --packageManagers	None	A list of package managers, delimited by comma, to include when searching for manifest files.
-buri, --baseUri	https://api.soos.io/api/	SOOS API URI Path. Default Value: https://api.soos.io/api/ Intended for internal use only.
-scp, --sourceCodePath	None	Root path to begin recursive search for manifests. Default Value: ./
-pn, --projectName	None	Project name for tracking results, (this will be the one used inside of the SOOS App)
-cid, --clientId	None	Client ID, get yours from https://app.soos.io/integrate/sca
-akey, --apiKey	None	API Key, get yours from https://app.soos.io/integrate/sca
-v, --verbosity	INFO	Set logging verbosity level value (INFO/DEBUG)
--verbose	False	Enable verbose logging
-ch, --commitHash	None	Commit Hash Value
-bn, --branchName	None	Branch Name
-bruri, --branchUri	None	Branch URI
-bldver, --buildVersion	None	Build Version
-blduri, --buildUri	None	Build URI
-oe, --operatingEnvironment	None	Operating Environment
-appver, --appVersion	None	App Version. Intended for internal use only.
-intn, --integrationName	None	Integration Name (e.g. Provider)
-intt, --integrationType	None	Integration Type. Intended for internal use only.
-sarif	False	Generates SARIF Report that later can be uploaded to GitHub

Feedback and Support

See SOOS Knowledge Base