Document third-party software components (SOUP) with risk assessments to ensure safe integration and regulatory compliance.

SOUP ID | Software Item | SOUP Name | Version | Manufacturer | Description | Risk Level | License | Requirements |
---|---|---|---|---|---|---|---|---|
SOUP-001 | Mobile App | React Native | 0.72.4 | Meta | Cross-platform mobile app framework | Low | MIT | UI rendering and navigation functionality |
SOUP-002 | Backend | Express.js | 4.18.2 | OpenJS Foundation | Web application framework | Medium | MIT | HTTP request handling, API routing, requires Node.js runtime |
SOUP-003 | Backend | bcrypt | 5.1.0 | Kelvin Sherlock | Password hashing library | High | Apache-2.0 | Secure password hashing for user authentication, must provide cryptographic security equivalent to 256-bit encryption |
SOUP-004 | Database | PostgreSQL | 15.3 | PostgreSQL Global Development Group | Relational database system | High | PostgreSQL License | Patient data storage with ACID compliance, backup and recovery capabilities, encryption at rest |
SOUP-005 | Backend | jsonwebtoken | 9.0.2 | Auth0 | JWT token implementation | High | MIT | Secure user session management, token expiration handling, cryptographic signature validation |
SOUP-006 | Mobile App | React Navigation | 6.1.7 | React Navigation Contributors | Navigation library for React Native | Low | MIT | Screen navigation and routing functionality |
SOUP-007 | Backend | Helmet.js | 7.0.0 | Adam Baldwin | Security middleware for Express | Medium | MIT | HTTP security headers, XSS protection, requires Express.js compatibility |

- How do I create a comprehensive SOUP list?
- How should third-party software integration be approached?
- What's the difference between SOUP and Off-The-Shelf software?
- How do I handle SOUP version updates?
- What level of detail should I include for SOUP components?
- How do I monitor SOUP for security vulnerabilities?