SBOMs for Modern DevSecOps

SCANOSS is the first affordable, open OSS Inventory & Intelligence platform built specifically for modern DevSecOps and supply chains, giving DevSecOps teams and their supply chain partners greater license, security, quality and provenance visibility and control. By freeing developers to focus on writing great, secure and compliant code that they and their team can completely trust, applications are finished earlier, their quality is consistently higher, and development costs are dramatically lower.

Free SBOM generator

Identifying Declared and Undeclared
OSS Components


SCANOSS generates software bills of materials (SBOMs) that provide comprehensive and accurate information about the open source software (OSS) components used in a software application, including AI-generated code. It does this by analyzing the source code of the application and creating an inventory of all the OSS components used, both declared and undeclared.


SCANOSS identifies both declared and undeclared OSS components used in the codebase. Declared components are those explicitly listed in the source code (for example in a manifest or dependency file), while undeclared components are those that are used but not listed anywhere. By using techniques such as code fingerprinting and machine learning, SCANOSS can identify these undeclared components, providing a more comprehensive view of the software supply chain and reducing the risk of OSS vulnerabilities going undetected.

Unrivaled OSS Risk Visibility

Open source software (OSS) is an integral part of modern software development, and it's often used to speed up development and reduce costs.
However, OSS can also pose significant risks if not managed properly. That's where OSS intelligence and a 360-degree view of risk come in.


With SCANOSS, DevSecOps teams can gain a comprehensive view of the open source components in use, including their licenses, vulnerabilities, trade compliance and other risks.
By utilizing this intelligence, teams can make informed decisions about their software supply chain, identify potential risks early in the development process, and take action to mitigate them. This approach allows for more secure and compliant software development, reducing the likelihood of costly and damaging security breaches.

Free SBOM generator
Continuous component identification and SBOM

Built specifically for development teams

Empower developers to confidently produce compliant code, while providing greater license visibility to the team.

Fully configurable and 100% Open Source

No proprietary algorithms, no closed binaries and definitely no corporate source code. Everything is entirely open and available.

Architected for speed and velocity

‘Start left’ in the development process by performing continuous validations vs. waiting on one final audit at the end.

Open Source Knowledge Base (OSSKB)

It's Big.

3 trillion lines of known OSS code
100 billion individual OSS files
500+ million known OSS components

SCANOSS boasts the largest Open Source knowledgebase in the market, with 188 million URLs of open source software, 100 billion files, and over 3 trillion lines of code. This extensive database allows for the detection of both declared and undeclared open source components. SCANOSS achieves this impressive feat through its cutting-edge open source mining network, which runs fully unmanned and tracks new software versions and components in real time as they are published.


Open Inventorying Engine

To analyze and compare open source code snippets, files or Winnowing fingerprints.


Open RESTful API

Client-side applications and middleware can use this API to interact with the SCANOSS Engine.


Open SBOM

Continuously generate an open Software Bill of Materials. Store your SBOM in SPDX or CycloneDX.


Open Database Engine

A database purpose built for SCA, architected for scale and performance.


Open Indexing Algorithm

Uses an open algorithm called ‘winnowing’ to detect OSS files, snippets and code.
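As an added illustration of the winnowing scheme the Open Indexing Algorithm is named after (this is not SCANOSS's engine, whose hash function, k-gram size and window size the page does not describe), the block below fingerprints a constructed "known OSS" function and finds it, reformatted and undeclared, inside a constructed project file, which is the undeclared-component case described earlier on the page. CRC32, k=8, w=4 and all sample files are assumptions made for the example.

```python
import zlib

def normalize(src: str) -> str:
    # Drop whitespace and case so re-indented copies fingerprint identically.
    return "".join(src.split()).lower()

def kgram_hashes(text: str, k: int) -> list:
    # CRC32 of every overlapping k-character substring (k-gram).
    return [zlib.crc32(text[i:i + k].encode()) for i in range(len(text) - k + 1)]

def winnow(src: str, k: int = 8, w: int = 4) -> set:
    """Winnowing fingerprints as (hash, position) pairs (Schleimer et al., 2003).
    Each window of w consecutive k-gram hashes keeps its minimum (ties go to the
    rightmost); any shared run of >= w + k - 1 chars yields a shared fingerprint."""
    hashes = kgram_hashes(normalize(src), k)
    if not hashes:
        return set()
    fingerprints = set()
    for start in range(max(len(hashes) - w, 0) + 1):
        window = hashes[start:start + w]
        low = min(window)
        pos = start + max(i for i, h in enumerate(window) if h == low)
        fingerprints.add((low, pos))
    return fingerprints

def coverage(known: str, candidate: str, k: int = 8, w: int = 4) -> float:
    # Fraction of the known file's fingerprint hashes that also occur in the candidate.
    known_hashes = {h for h, _ in winnow(known, k, w)}
    cand_hashes = {h for h, _ in winnow(candidate, k, w)}
    return len(known_hashes & cand_hashes) / len(known_hashes) if known_hashes else 0.0

# Constructed samples: a "known OSS" function, a project file that pasted it in
# (reformatted and never declared as a dependency), and an unrelated file.
KNOWN_OSS = """
def parse_header(line):
    key, _, value = line.partition(':')
    return key.strip().lower(), value.strip()
"""
PROJECT = """
def parse_header( line ):
    key, _, value = line.partition( ':' )
    return key.strip().lower(), value.strip()

print(parse_header('Host: example'))
"""
UNRELATED = """
class Stack:
    def __init__(self):
        self.items = []
"""
```

`coverage(KNOWN_OSS, PROJECT)` reports 1.0 because every fingerprint of the known function survives the reformatting, while `coverage(KNOWN_OSS, UNRELATED)` is 0.0; a real knowledge base holds the fingerprints of billions of files and matches candidate fingerprints against that index instead of a single file.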


Open Webhooks & CLI

Trigger secure source code analysis with every git push using webhooks or embed it into your CI/CD pipelines using the CLI.

“Fully Integrated in your development tools and processes”

  • 100% Open architecture allows for easy integrations

  • Native support for most DevOps toolchains

  • Integrate with existing SCA tooling without overlap (e.g. SPDX)

  • Open data architecture allows for comparable results

SBOMs are finally available to everyone!

SBOM Workbench is a desktop app that requires no installation and runs on-the-fly on any Windows, macOS or Linux computer.

Also available on

Free SBOM generator download for Windows
Free SBOM generator download for Apple Silicon Macs
Free SBOM generator download for Intel Macs
Free SBOM generator download for Linux
Download the SBOM Workbench source code from GitHub
SCA Tools: Feature Comparison

SBOM Data and Decoration

Feature | SCANOSS | Other OSS SCA tools | Commercial SCA tools
Precise IDs | Purl Arrays | Purl | Purl Arrays, Vendor and Component
License detection | | | Proprietary
Copyright statements | | |
Attribution notices | | Limited | Limited
Vulnerabilities | | |
Dependencies | | |
Cryptographic Algorithms (ECCN) | | |
Health metrics | | No data | No data
Service Quality | Yes. Static Code Analysis data on entire knowledgebase | |
Code Quality Metrics | | |
Reporting format | SPDX and CycloneDX | SPDX and CycloneDX | Proprietary and SPDX
Binary Analysis | | |

Architecture

Feature | SCANOSS | Other OSS SCA tools | Commercial SCA tools
Tool transparency | | | Closed-source
On-premise deployment | Offline on-premise deployment | | Requires access
API-centric | API-centric | N/A | Partial/limited API functionality
Portable UI | Multiplatform app | Server side applications | Server side applications
Command Line Interface (CLI) | | | Limited functionality
Air-gap scanning | | | Limited to 5Gb
Policy Manager | Relies on third-party tools | | Built-in
CI/CD

Feature | SCANOSS | Other OSS SCA tools | Commercial SCA tools
Snippet detection | | N/A | Yes, with limitations
Snippet detection quality | | |
Snippet scanning openness | | |
OSS Detection

Feature | SCANOSS | Other OSS SCA tools | Commercial SCA tools
Snippet detection | | Limited | Limited
Snippet detection quality | | Limited | Limited
Snippet scanning openness | | | Proprietary
Declared Component Detection | | |
Undeclared Component Detection | | | Limited
Vendor Lock-in

Feature | SCANOSS | Other OSS SCA tools | Commercial SCA tools
Revenue model | Data Provider | Support | Software Vendor
Open Source Software | 100% Open Source | | Proprietary
SBOM / Data import | | | From own legacy
File-level identification export | | | N/A
Access to free product offering | | | Limited
Ready to facilitate the next wave of Open Source adoption?