SBOMs for Modern DevSecOps
SCANOSS is the first affordable, open OSS inventory and intelligence platform built specifically for modern DevSecOps and supply chains, giving DevSecOps teams and their supply chain partners greater license, security, quality and provenance visibility and control. By freeing developers to focus on writing great, secure and compliant code that they and their team can completely trust, applications are finished earlier, their quality is consistently higher, and development costs are dramatically lower.


Identifying Declared and Undeclared OSS Components
SCANOSS generates software bill of materials (SBOMs) that provide comprehensive and accurate information about the open source software (OSS) components used in a software application. It does this by analyzing the source code of the application and creating an inventory of all the OSS components used, including declared and undeclared components.
SCANOSS is able to identify both declared and undeclared OSS components used in the codebase. Declared components are those that are explicitly listed in the source code, while undeclared components are those that are used but not listed in the code. By using advanced techniques such as code fingerprinting and machine learning, SCANOSS can identify these undeclared components, providing a more comprehensive view of the software supply chain and reducing the risk of OSS vulnerabilities going undetected.
Unrivaled OSS Risk Visibility
Open source software (OSS) is an integral part of modern software development, and it's often used to speed up development and reduce costs. However, OSS can also pose significant risks if not managed properly. That's where OSS intelligence and a 360-degree view of risk come in.
With SCANOSS, DevSecOps teams can gain a comprehensive view of the open source components in use, including their licenses, vulnerabilities, trade compliance and other risks. By utilizing this intelligence, teams can make informed decisions about their software supply chain, identify potential risks early in the development process, and take action to mitigate them. This approach allows for more secure and compliant software development, reducing the likelihood of costly and damaging security breaches.


and SBOM

for development teams
Empower developers to confidently produce compliant code, while providing greater license visibility to the team.

Open Source
No proprietary algorithms, no closed binaries and definitely no corporate source code. Everything is entirely open and available.

and velocity
‘Start left’ in the development lifecycle by performing continuous validations instead of waiting on one final audit at the end.
Open Source Knowledge Base
(OSSKB)
It’s big.
- 3 trillion lines of known OSS code
- 100 billion known OSS files
- 192 million known OSS URLs
SCANOSS boasts the largest open source knowledge base in the market, with 188 million URLs of open source software, 100 billion files, and over 3 trillion lines of code. This extensive database allows for the detection of both declared and undeclared open source components. SCANOSS achieves this through its open source mining network, which runs fully unmanned and tracks new software versions and components in real time as they are published.
Open Inventorying Engine
Analyzes and compares open source code snippets, filters or winnowing fingerprints.
Open SBOM
Continuously generate an open Software Bill of Materials. Store your SBOM in SPDX or CycloneDX.
Open Indexing Algorithm
Using an open algorithm called ‘winnowing’ to store OSS files, snippets & code.
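The code fingerprinting mentioned under "Identifying Declared and Undeclared OSS Components" and the winnowing algorithm named here are the same idea: hash every k-gram of normalized source text, keep only the minimum hash of each sliding window, and compare the surviving fingerprints against an index of known OSS files. The following is an added example, not SCANOSS code: a generic implementation of winnowing (Schleimer, Wilkerson and Aiken, 2003) run over a constructed "known OSS" function and a constructed scan target that contains a reindented, re-commented copy of it with no declaration anywhere. The k-gram length, window size, normalization rules and the sample files are all assumptions chosen for readability, not SCANOSS's own parameters or data.

```python
"""Winnowing fingerprints over normalized source text.

Added example, not SCANOSS code. It shows why a pasted snippet is found even
when it was never declared as a dependency: matching is done on fingerprints
of the code itself, not on manifests. K, W and normalize() are assumed values.
"""
import hashlib
import re

K = 10  # k-gram length in normalized characters (assumed)
W = 6   # window size; any shared run of at least W + K - 1 chars shares a fingerprint


def normalize(source: str) -> list[tuple[str, int]]:
    """Strip '//' comments, whitespace and case; keep each char's line number.

    This step is what lets reindented or re-commented copies still match.
    """
    chars = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        line = re.sub(r"//.*$", "", line)
        chars.extend((ch, lineno) for ch in line.lower() if not ch.isspace())
    return chars


def kgram_hashes(chars: list[tuple[str, int]], k: int = K) -> list[tuple[int, int]]:
    """Hash every k-gram of the normalized stream; remember its starting line."""
    text = "".join(ch for ch, _ in chars)
    hashes = []
    for i in range(len(text) - k + 1):
        digest = hashlib.blake2b(text[i:i + k].encode(), digest_size=8).digest()
        hashes.append((int.from_bytes(digest, "big"), chars[i][1]))
    return hashes


def winnow(hashes: list[tuple[int, int]], w: int = W) -> dict[int, tuple[int, int]]:
    """Select the minimum hash of each window of w k-grams (rightmost on ties).

    Keyed by k-gram position, so the same k-gram chosen by several
    overlapping windows is stored once.
    """
    selected = {}
    for start in range(max(len(hashes) - w + 1, 0)):
        best = start
        for j in range(start, start + w):
            if hashes[j][0] <= hashes[best][0]:
                best = j
        selected[best] = hashes[best]
    return selected


def fingerprint(source: str) -> dict[int, tuple[int, int]]:
    return winnow(kgram_hashes(normalize(source)))


def hash_set(source: str) -> set[int]:
    return {h for h, _ in fingerprint(source).values()}


def coverage(scanned: str, known: str) -> float:
    """Fraction of the known file's fingerprints that also occur in the scanned file."""
    known_fps = hash_set(known)
    if not known_fps:
        return 0.0
    return len(known_fps & hash_set(scanned)) / len(known_fps)


def matched_lines(scanned: str, known: str) -> list[int]:
    """Lines in the scanned file that host a fingerprint also present in the known file."""
    known_fps = hash_set(known)
    return sorted({line for h, line in fingerprint(scanned).values() if h in known_fps})


# Constructed sample standing in for one indexed OSS file.
KNOWN_OSS = """\
static int clamp(int v, int lo, int hi)
{
    if (v < lo) return lo;
    if (v > hi) return hi;
    return v;
}
"""

# Constructed scan target: unrelated code, then the known function pasted in
# with different layout and a comment (an undeclared component), then more code.
UNRELATED_BEFORE = """\
unsigned long fnv1a(const unsigned char *p, size_t n)
{
    unsigned long h = 2166136261UL;
    while (n--) h = (h ^ *p++) * 16777619UL;
    return h;
}
"""
COPIED_SNIPPET = """\
static int clamp(int v, int lo, int hi) {  // pasted in, license unknown
  if (v < lo) return lo;
  if (v > hi) return hi;
  return v;
}
"""
UNRELATED_AFTER = """\
void zero_fill(unsigned char *dst, size_t n)
{
    while (n) dst[--n] = 0;
}
"""
SCANNED = UNRELATED_BEFORE + COPIED_SNIPPET + UNRELATED_AFTER
COPY_FIRST_LINE = UNRELATED_BEFORE.count("\n") + 1
COPY_LAST_LINE = COPY_FIRST_LINE + COPIED_SNIPPET.count("\n") - 1

if __name__ == "__main__":
    print(f"known fingerprints covered: {coverage(SCANNED, KNOWN_OSS):.0%}")
    print(f"matching lines in scanned file: {matched_lines(SCANNED, KNOWN_OSS)}")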
Open RESTful API
Client side applications and middleware can leverage this API to interact with the SCANOSS Engine.
Open Database Engine
Your query performance is critical. Our Knowledge Base has already passed 2 trillion fingerprints.
Open Webhooks & CLI
Trigger secure source code analysis with every git push using webhooks or embed it into your CI/CD pipelines using the CLI.
Fully integrated into your Development Tools and Processes
- 100% Open architecture allows for easy integrations
- Native support for most DevOps toolchains
- Integrate with existing SCA tooling without overlap (e.g. SPDX)
- Open data architecture allows for comparable results

available to everyone!
Audit Workbench is a desktop app that requires no installation and runs on-the-fly on any Windows, OSX or Linux computer.