SOOS SCA (Software Composition Analysis) is a dependency scanning tool that identifies vulnerabilities and license risks in open source packages used within software projects. It uses patented deep-tree scanning to detect issues across an application's full dependency tree, including transitive dependencies. Key capabilities include: - Unlimited scans executable directly from CI/CD pipelines - Deep-tree dependency scanning across all major programming languages (Java, Python, Ruby, .NET, JavaScript, PHP, Gradle, Rust, Dart, Homebrew, Elixir, Erlang, Golang, C++) - Vulnerability detection with prioritization based on severity, exploitability, and public exposure - License analysis to identify open source license types, usage rights, and compliance risks - SBOM (Software Bill of Materials) generation and management for first- and third-party components - Suggested fix recommendations with grouped related issues and upgrade path guidance - Typosquatting detection to catch malicious or misnamed library references - Custom rules for dependency governance, alerting, and notifications - Auto-creation of issue tickets with fix details in connected issue management tools - A unified ASPM dashboard consolidating results from SCA, DAST, SAST, Container, and SBOM scans The tool is designed for developers, security analysts, and legal/compliance teams. It supports repository QuickScans via GitHub integration and can be embedded into automated build pipelines.