top of page
Search

Introducing SCANOSS Pre-commit Hooks Integration

  • Writer: Giuliana Bruni
    Giuliana Bruni
  • Apr 29
  • 2 min read

Bring Open Source Transparency to Every Commit 


Precommit logo next to text "INTEGRATION Pre-commit Hooks" on a light abstract background with dots and lines.

At SCANOSS, we believe that open source compliance and transparency should be integrated into the developer workflow – not bolted on at the end. That’s why we’re excited to announce the official SCANOSS integration with pre-commit hooks – a simple way to scan your code before you commit


This integration adds SCANOSS to your version control layer using the popular pre-commit framework, helping teams identify and manage open source risks at the point of creation – not during audits or release freezes.  


Why it matters 


In fast-paced DevSecOps environments, developers are expected to move quickly, but compliance and governance requirements are not going away. In fact, they’re becoming more complex. 


Waiting until the end of the development cycle to address open source risks introduces uncertainty, technical debt, and often missed licence obligations. Pre-commit hooks give teams an immediate way to embed trust and transparency into their existing workflows. 


This aligns with our broader approach to DevSecOps, which we detail in Where SCANOSS Fits in DevSecOps. Pre-commit scanning is the first step to ensuring visibility from the very beginning. 


What it does 


The SCANOSS pre-commit integration introduces a dedicated hook: 


scanoss-check-undeclared-code 

This hook checks for potentially undeclared open source software in any staged files before they are committed. It can be run during pre-commit, pre-push, or manually.





That’s it – SCANOSS will now scan your code on each commit, flagging undeclared open source components in real time. 



How it helps you 


This integration is about helping developers, not slowing them down. 

  • For developers, it’s fast and transparent – no need to switch tools or add steps. 

  • For legal and compliance teams, it brings visibility to open source risks as early as possible. 

  • For organisations, it lays the foundation for building SBOMs from the first commit – not at the last minute. 


The SCANOSS pre-commit hook integration is open source, flexible, and easy to adopt. It’s another step in our mission to bring full lifecycle transparency to the software you build. 


Ready to give it a try? Check out our GitHub repo to get started. 

Adopt SCANOSS today

Get complete visibility and control over your open source.

bottom of page