SOOS Container Security

SOOS Container Security is a container vulnerability scanning tool that combines dependency tree scanning with container image analysis. It scans Linux package managers, open source applications, and SBOMs (Software Bill of Materials) to identify vulnerabilities and license issues within containers. Key capabilities include deep dependency tree scanning, which traverses transitive dependencies to surface vulnerabilities buried in nested software components. Vulnerabilities are ranked by severity, impact, and exploitability to assist with prioritization. The tool also provides suggested upgrade paths to help remediate identified issues. SOOS Container Security integrates into CI/CD pipelines for scanning on every build, and supports continuous monitoring of deployed containers. A Quickscan option is available for ad-hoc evaluations outside of a pipeline context. License analysis is included, allowing teams to verify the licenses and usage attributes of open source packages. SBOM export is supported in both SPDX and CycloneDX formats, with VEX (Vulnerability Exploitability eXchange) support. The tool operates through a Dockerized scanning agent and shares a unified web dashboard with other SOOS products (SCA, DAST, and SBOM Manager), enabling centralized visibility across application and container security posture. Supported languages and ecosystems include Java, Python, Ruby, .NET, JavaScript, PHP, Gradle, Rust, Dart, Homebrew, Elixir, Erlang, Golang, and C++.