{"id":40058351,"url":"https://github.com/soos-io/soos-ci-analysis-circleci-orb","last_synced_at":"2026-01-19T07:07:57.993Z","repository":{"id":38186110,"uuid":"391061021","full_name":"soos-io/soos-ci-analysis-circleci-orb","owner":"soos-io","description":"SOOS SCA Core Analysis for CircleCI - Register for a Free Trial at https://app.soos.io/register","archived":false,"fork":false,"pushed_at":"2025-11-14T20:06:32.000Z","size":51,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-14T21:26:10.851Z","etag":null,"topics":["circle-ci","circleci","circleci-orb","circleci-orbs","sca","security-audit","security-tools","securiy","soos","vulnerabilities","vulnerability","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://soos.io/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soos-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-07-30T12:42:35.000Z","updated_at":"2025-11-14T20:06:35.000Z","dependencies_parsed_at":"2023-12-26T16:49:39.761Z","dependency_job_id":"2422cd57-9d8d-4b34-92ad-f48042164e99","html_url":"https://github.com/soos-io/soos-ci-analysis-circleci-orb","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/soos-io/soos-ci-analysis-circleci-orb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/soos-io%2Fsoos-ci-analysis-circleci-orb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soos-io%2Fsoos-ci-analysis-circleci-orb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soos-io%2Fsoos-ci-analysis-circleci-orb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soos-io%2Fsoos-ci-analysis-circleci-orb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soos-io","download_url":"https://codeload.github.com/soos-io/soos-ci-analysis-circleci-orb/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soos-io%2Fsoos-ci-analysis-circleci-orb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28562707,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T03:31:16.861Z","status":"ssl_error","status_checked_at":"2026-01-19T03:31:15.069Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["circle-ci","circleci","circleci-orb","circleci-orbs","sca","security-audit","security-tools","securiy","soos","vulnerabilities","vulnerability","vulnerability-detection","vulnerability-scanners"],"created_at":"2026-01-19T07:05:57.434Z","updated_at":"2026-01-19T07:07:57.988Z","avatar_url":"https://github.com/soos-io.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [SOOS Core SCA for Circle CI](https://soos.io/sca-product)\n\nSOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. [SOOS, Software security, simplified](https://soos.io).\n\nUse SOOS to scan your software for [vulnerabilities](https://app.soos.io/research/vulnerabilities) and [open source license](https://app.soos.io/research/licenses) issues with [SOOS Core SCA](https://soos.io/products/sca). [Generate and ingest SBOMs](https://soos.io/products/sbom-manager). [Export reports](https://kb.soos.io/help/soos-reports-for-export) to industry standards. Govern your open source dependencies. Run the [SOOS DAST vulnerability scanner](https://soos.io/products/dast) against your web apps or APIs. [Scan your Docker containers](https://soos.io/products/containers) for vulnerabilities. 
Check your source code for issues with [SAST Analysis](https://soos.io/products/sast).\n\n[Demo SOOS](https://app.soos.io/demo) or [Register for a Free Trial](https://app.soos.io/register).\n\nIf you maintain an Open Source project, sign up for the Free as in Beer [SOOS Community Edition](https://soos.io/products/community-edition).\n\n## soos-ci-analysis-circleci-orb\n\nA [CircleCI Orb](https://circleci.com/docs/2.0/orb-intro/) for using [SOOS](https://soos.io) to check for\nvulnerabilities in your projects.\n\nExample usage:\n\n```yaml\nversion: 2.1\n\norbs:\n  soos: soos-io/sca@x.y.z\n\n#\n# The Workflow is the example of how a user would integrate with the SOOS Orb\n#\nworkflows:\n  main:\n    jobs:\n\n      - soos/analysis_async_init:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n      - soos/analysis_async_result:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n          requires:\n           - soos/analysis_async_init\n        \n```\n\nThe SOOS Action has properties which are passed to the action using `with`.\n\n| Property | Default | Description |\n| --- | --- | --- |\n| client_id |  | SOOS Client ID - get yours from [SOOS Integration](https://app.soos.io/integrate/sca). Uses `SOOS_API_CLIENT` env value if present.  \n| api_key |  | SOOS API Key - get yours from [SOOS Integration](https://app.soos.io/integrate/sca). Uses `SOOS_API_KEY` env value if present.\n| branch_name              | `CIRCLE_BRANCH` | Branch Name to create scan under |\n| build_version           | |Version of application build artifacts. |\n| on_failure | `continue_on_failure`  | Flag indicating whether or not to return an error code if errors are found in the SOOS CLI or SOOS analysis. 
|\n| output_format   |        | Output format for vulnerabilities: only the value SARIF is available at the moment |  \n| directories_to_exclude |  | Listing of directories or patterns to exclude from the search for manifest files. eg: **bin/start/**, **/start/** |\n| files_to_exclude | | Listing of files or patterns to exclude from the search for manifest files. eg: **/req**.txt/, **/requirements.txt |\n| package_managers | | List (comma separated) of Package Managers to filter manifest search. (Dart, Erlang, Homebrew, PHP, Java, Nuget, NPM, Python, Ruby, Rust.)|\n| log_level | `INFO`  | Log level to show: DEBUG, INFO, WARN, FAIL, ERROR.|\n\nThe SOOS Action has environment variables which are passed to the action using `env`. These environment variables are stored as project `environment variables` and are required for the action to operate.\n\n| Property | Description |\n| --- | --- |\n| SOOS_PROJECT_NAME | A custom project name that will present itself as a collection of test results within your soos.io dashboard. |\n| SOOS_BASE_URI | The API BASE URI provided to you when subscribing to SOOS services. |\n| SOOS_ROOT_CODE_PATH | The relative path from the workspace to search for manifest files to analyze. |\n| SOOS_CLIENT_ID | Provided to you when subscribing to SOOS services. |\n| SOOS_API_KEY | Provided to you when subscribing to SOOS services. 
|\n\n\n## EXAMPLE: Asynchronous scan that contains other CI logic between the two SOOS jobs:\n\n```yaml\nversion: 2.1\n\norbs:\n  soos: soos-io/sca@1.0.0\n\nworkflows:\n  main:\n    jobs:\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n\n      - soos/analysis_async_init:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n\n      - soos/analysis_async_result:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n          # NOTE: RUNNING ASYNCHRONOUSLY WILL REQUIRE A DEPENDENCY TO BE ESTABLISHED AGAINST THE \"analysis_async_init\" JOB\n          requires:\n           - soos/analysis_async_init\n\n        # NOTE: YOUR OTHER JOBS GO HERE\n        \n```\n### ENVIRONMENT VARIABLES FOR THE ABOVE EXAMPLE\n| Property | Value |\n| --- | --- |\n| SOOS_PROJECT_NAME | \"My Project Name\" |\n| SOOS_BASE_URI | \"https://api.soos.io/api/\" |\n| SOOS_ROOT_CODE_PATH | \"./\" |\n| SOOS_CLIENT_ID | [redacted] |\n| SOOS_API_KEY | [redacted] |\n\n## EXAMPLE: Synchronous scan that continues running until analysis complete or timeout reached:\n\n```yaml\nversion: 2.1\n\norbs:\n  soos: soos-io/sca@x.x.x\n\nworkflows:\n  main:\n    jobs:\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n\n      - soos/analysis_run_and_wait:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n      \n```\n### ENVIRONMENT VARIABLES FOR THE ABOVE EXAMPLE\n| Property | Value |\n| --- | --- |\n| SOOS_PROJECT_NAME | \"My Project Name\" |\n| SOOS_BASE_URI | \"https://api.soos.io/api/\" |\n| SOOS_ROOT_CODE_PATH | \"./\" |\n| SOOS_CLIENT_ID | [redacted] |\n| SOOS_API_KEY | [redacted] |\n\n\n## EXAMPLE: \"Fire and Forget\" scan that runs and the analysis result is inconsequential to the CI build.\n\n```yaml\nversion: 
2.1\n\norbs:\n  soos: soos-io/sca@x.x.x\n\nworkflows:\n  main:\n    jobs:\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n\n      - soos/analysis_async_init:\n          client_id: \"\u003c\u003cSOOS Client Id\u003e\u003e\"\n          api_key: \"\u003c\u003cSOOS API Key\u003e\u003e\"\n\n      # NOTE: YOUR OTHER JOBS GO HERE\n      \n```\n### ENVIRONMENT VARIABLES FOR THE ABOVE EXAMPLE\n| Property | Value |\n| --- | --- |\n| SOOS_PROJECT_NAME | \"My Project Name\" |\n| SOOS_BASE_URI | \"https://api.soos.io/api/\" |\n| SOOS_ROOT_CODE_PATH | \"./\" |\n| SOOS_CLIENT_ID | [redacted] |\n| SOOS_API_KEY | [redacted] |\n\n### How to Publish An Update\n1. Merge pull requests with desired changes to the main branch.\n    - For the best experience, squash-and-merge and use [Conventional Commit Messages](https://conventionalcommits.org/).\n2. Find the current version of the orb.\n    - You can run `circleci orb info soos-io/sca | grep \"Latest\"` to see the current version.\n3. Create a [new Release](https://github.com/soos-io/soos-ci-analysis-circleci-orb/releases/new) on GitHub.\n    - Click \"Choose a tag\" and _create_ a new [semantically versioned](http://semver.org/) tag. (ex: v1.0.0)\n      - We will have an opportunity to change this before we publish if needed after the next step.\n4.  Click _\"+ Auto-generate release notes\"_.\n    - This will create a summary of all of the merged pull requests since the previous release.\n    - If you have used _[Conventional Commit Messages](https://conventionalcommits.org/)_ it will be easy to determine what types of changes were made, allowing you to ensure the correct version tag is being published.\n5. Now ensure the version tag selected is semantically accurate based on the changes included.\n6. 
Click _\"Publish Release\"_.\n    - This will push a new tag and trigger your publishing pipeline on CircleCI.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoos-io%2Fsoos-ci-analysis-circleci-orb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoos-io%2Fsoos-ci-analysis-circleci-orb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoos-io%2Fsoos-ci-analysis-circleci-orb/lists"}