SBOMs for Modern

SCANOSS is the first affordable, open OSS Inventory & Intelligence platform that was built specifically for modern DevSecOps and supply chains, empowering them to deliver greater license, security, quality and provenance visibility and control for DevSecOps teams and their supply chain partners. By freeing developers to focus on writing great, secure and compliant code that they and their team can completely trust, applications are finished earlier, their quality is consistently higher, and development costs are dramatically lower.


Identifying Declared and Undeclared OSS Components.

SCANOSS generates software bill of materials (SBOMs) that provide comprehensive and accurate information about the open source software (OSS) components used in a software application. It does this by analyzing the source code of the application and creating an inventory of all the OSS components used, including declared and undeclared components.

SCANOSS is able to identify both declared and undeclared OSS components used in the codebase. Declared components are those that are explicitly listed in the source code, while undeclared components are those that are used but not listed in the code. By using advanced techniques such as code fingerprinting and machine learning, SCANOSS can identify these undeclared components, providing a more comprehensive view of the software supply chain and reducing the risk of OSS vulnerabilities going undetected.

Unrivaled OSS Risk Visibility

Open source software (OSS) is an integral part of modern software development, and it's often used to speed up development and reduce costs. However, OSS can also pose significant risks if not managed properly. That's where OSS intelligence and a 360-degree view of risk come in.

With SCANOSS, DevSecOps teams can gain a comprehensive view of the open source components in use, including their licenses, vulnerabilities, trade compliance and other risks. By utilizing this intelligence, teams can make informed decisions about their software supply chain, identify potential risks early in the development process, and take action to mitigate them. This approach allows for more secure and compliant software development, reducing the likelihood of costly and damaging security breaches.

Continuous component identification and SBOM

Built specifically for development teams

Empower developers to confidently produce compliant code, while providing greater license visibility to the team.

Fully configurable and 100% Open Source

No proprietary algorithms, no closed binaries and definitely no corporate source code. Everything is entirely open and available.

Architected for speed and velocity

‘Start left’ in the development lifecycle by performing continuous validations instead of waiting on one final audit at the end.


Open Source Knowledge Base


It’s big.

  • 3 trillion lines of known OSS code
  • 100 billion known OSS files
  • 192 million known OSS URLs


SCANOSS boasts the largest Open Source knowledgebase in the market, with 188 million URLs of open source software, 100 billion files, and over 3 trillion lines of code. This extensive database allows for the detection of both declared and undeclared open source components. SCANOSS achieves this impressive feat through its cutting-edge open source mining network, which runs fully unmanned and tracks new software versions and components in real time as they are published.

Open Inventorying Engine

To analyze & compare Open Source Code snippets, filters or Winnowing fingerprints.


Continuously generate an open Software Bill of Materials. Store your SBOM in SPDX or CycloneDX.

Open Indexing Algorithm

Using an open algorithm called ‘winnowing’ to store OSS files, snippets & code.

Open RESTful API

Client side applications and middleware can leverage this API to interact with the SCANOSS Engine.

Open Database Engine

Your query performance is critical. Our Knowledge Base has already passed 2 trillion fingerprints.

Open Webhooks & CLI

Trigger secure source code analysis with every git push using webhooks or embed it into your CI/CD pipelines using the CLI.

"Fully integrated into your Development Tools and Processes"

  • 100% Open architecture allows for easy integrations
  • Native support for most DevOps toolchains
  • Integrate with existing SCA tooling without overlap (e.g. SPDX)
  • Open data architecture allows for comparable results

Open Source auditing is finally available to everyone!

Audit Workbench is a desktop app that requires no installation and runs on-the-fly on any Windows, OSX or Linux computer.

