Scanoss.app is SCANOSS’ Github Marketplace app. It reports the presence of known Open Source Software in your code that is not declared in your oss_assets.json file.
Using our GitHub app to continuously scan for open source code
Once installed in a GitHub whenever a developer pushes code, scanoss.app performs a scan
scanoss.app also performs an initial scan of the entire repository with the first commit to the repository (shown in an issue)
The results of every commit scan have two outputs.
1. scanoss.app creates a comment in the commit with the result of the scan
2. scanoss.app sets the build status to ‘failed’ if the scan finds OSS that is not declared in oss_assets.json (else: success)
Once the scan is done, you can declare OSS assets in oss_assets.json
You can use our specification document for oss_assets.json examples.
The setup page allows you to configure your plan & re-scan repositories
You can access this page as part of your purchase. Existing customer? Go here.
It’s time to reinvent Software Composition Analysis (SCA) with an Open Source inventorying platform aimed at modern DevOps environments.
Find our GitHub app in the Marketplace
And be sure to give it a try.
Looking for more informations? Download our OSS whitepaper.