Software Dependency Scanning Solution

Type of document: Contract Notice
Country: United States

United States Senate

Official Address:
United States Senate Washington DC 20510-7207

Holly McDonald, Procurement and Contracting Specialist, Email


Contract Description:
DESCRIPTION: MARKET SURVEY AND BIDDERS LIST DEVELOPMENT – SOURCES SOUGHT REQUEST FOR SOFTWARE DEPENDENCY SCANNING SOLUTION. The U.S. Senate, Office of the Sergeant at Arms (SAA), is seeking information from the vendor community on a Software Dependency Scanning Solution to integrate with bimodal software development methodologies, minimizing security vulnerabilities and increasing the speed of software release to the consumer.

Response to this SSN will assist the SAA in the review of current solutions in the marketplace for a dependency scanning solution. The SAA requests responses that detail solutions that: 1) meet or exceed the requirements set forth herein and 2) provide a full description of services offered, methods of implementation, and scope of the solution.

THIS IS A SOURCES SOUGHT NOTIFICATION ONLY. This SSN is solely for information and planning purposes and does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. This SSN does not commit the SAA to contract for any supply or service whatsoever. Further, the Senate and the SAA are not seeking proposals at this time, will not accept unsolicited proposals, and will not pay for any information or administrative costs incurred in response to this SSN. All costs associated with responding to this SSN will be solely at the interested party’s expense.

All requirements listed below are mandatory unless otherwise noted. All questions require a response. This synopsis contains the currently available information and is subject to change at any time.

REQUIREMENTS: The key functional requirements under consideration for a Software Dependency Scanning Solution must include, but are not limited to, the following:

• Ability to scan applications and their dependent libraries written using:
     o Python/Django
     o Java
     o Visual Basic/C#/ASP/.Net
     o JavaScript/Angular/jQuery/NodeJS
     o PHP

• Ability to identify and provide mitigation tasks for known vulnerabilities;

• Ability to automatically update itself with Common Vulnerabilities and Exposures (CVE) data feeds or National Vulnerability Database (NVD) feeds;

• Ability to provide analytics through dashboards and generate reports;

• Ability to assign user security through role-based controls;

• Ability to integrate in a toolchain pipeline if needed;

• Software-only solutions are preferred; and,

• Optional: Ability to integrate with a larger set of security tools that have SAST, DAST and fuzz testing capability.

RESPONSES: Responses to this SSN shall include a brief technical summary responding to each of the mandatory requirements listed above.

Software Dependency Scanning Solution responses must be in accordance with the following: 

• Respondents must be the OEM provider/vendor. Responses submitted by resellers or third-party integrators will not be evaluated by the SAA.

• Vendor responses must be based on the existing product’s or solution’s current, out-of-the-box, configurable capabilities. The SAA will not evaluate or consider custom or uniquely customized products or solutions.

• The SAA will not evaluate or consider planned or future product enhancements when reviewing responses.

• Offerors of solutions selected to move to the second round of product evaluation by the SAA must be prepared to discuss in detail and demonstrate stated capabilities relative to some or all listed requirements. Offerors will also need to participate in a 90-day software evaluation hosted in the SAA VMware infrastructure, Red Hat virtual infrastructure or OpenShift container platform with minimal vendor support.


In addition, submissions must include:

• Business information to include the following:

     o A cover letter to include name of organization, street address, city, state, and zip code, point of contact (POC), telephone number, fax number, and email address.

The information contained in this notice will be the only information provided by the SAA during the Sources Sought process. All qualified sources should respond to this notice by submitting an information package in accordance with the instructions provided. Contractors responding to this notice and deemed qualified after participating in the 90-day software evaluation hosted by the SAA may be requested to submit a proposal in response to a solicitation.

INSTRUCTIONS: Responses to this Sources Sought Notice are due to the POC no later than 12:00 Noon on November 18, 2019 and shall be submitted electronically via email only to the attention of Holly A. McDonald at The subject line of the email message shall be: SSN 2020-S-0002 entitled “Software Dependency Scanning Solution”.

No other method of transmittal will be accepted. The response shall not exceed twenty-five (25) pages. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor’s information.
