SOOS Community Edition SCA
Free SCA tool for open source projects with vuln scanning & SBOM.

SOOS Community Edition SCA Description
SOOS Community Edition SCA is a free Software Composition Analysis (SCA) tool designed for open source projects using public GitHub repositories. It enables developers to identify and manage vulnerabilities in open source dependencies across a wide range of programming languages.

Key capabilities include:

- Vulnerability detection with rankings based on severity, impact, and exploitability
- Typosquatting detection to identify malicious lookalike packages
- License analysis to verify open source package licenses, permitted usage, and attributions
- SBOM (Software Bill of Materials) generation in SPDX and CycloneDX formats, with VEX support
- Suggested fix recommendations providing upgrade paths for vulnerable packages
- A centralized dashboard for tracking vulnerabilities, compliance, and governance issues

The tool supports a broad set of programming languages including Java, Python, Ruby, .NET, JavaScript, PHP, Gradle, Rust, Dart, Homebrew, Elixir, Erlang, Golang, and C++. It integrates directly with GitHub for repository scanning on every build and connects with Jira and GitHub Issues for issue tracking and management.

The Community Edition is available at no cost, with a frictionless self-service registration process. It supports unlimited users and unlimited scans, making it accessible for teams of any size working on open source projects.
SOOS Community Edition SCA FAQ
Common questions about SOOS Community Edition SCA including features, pricing, alternatives, and user reviews.
SOOS Community Edition SCA is a free SCA tool for open source projects with vuln scanning & SBOM, developed by SOOS. It is an Application Security solution designed to help security teams with SCA, SBOM, and Open Source.