SOOS DAST

SOOS DAST is a Dynamic Application Security Testing tool that enables automated scanning of web applications and APIs within CI/CD pipelines. It is built on the industry-standard open-source ZAP scanner and runs as a containerized solution via Docker, operating within the user's own environment. The tool supports scanning of web applications (HTML and single-page apps) as well as APIs defined by OpenAPI, SOAP, and GraphQL specifications, including just-in-time generation of OAuth tokens for authenticated scanning. Scanning is unrestricted — there are no limits on the number of domains or concurrent scans. Vulnerability coverage includes SQL Injection, Broken Authentication, Sensitive Data Exposure, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Component Vulnerabilities, and Missing Security Headers. SOOS DAST also incorporates SOOS's patented SCA (Software Composition Analysis) scanner, which identifies OSS vulnerabilities and license issues across 18+ languages and package managers. Results are surfaced through a unified AppSec dashboard that consolidates findings from SOOS SCA, SAST, Container scanning, and SBOM management. The dashboard supports role-based views for engineering, legal, and security teams. Issue management is supported through automatic ticket creation in tools such as Jira, GitHub Issues, Azure DevOps, and Shortcut. Scan results can be pushed to the GitHub Security Panel, and SARIF output is supported. The product also integrates with RKVST SBOM Hub and supports auto-triage with suggested remediation paths.