scanoss.app

SCANOSS detects undeclared OSS components in your commits

by scanoss, 78 installs

About

Supported languages

JavaScript, Ruby, C++, Python, Perl, C, PHP, Java, Go, and C#

The SCANOSS App reports the presence of known Open Source software in your code that is not declared in your SBOM.json file.

When you install the application, an initial scan is launched on the entire code of each repository where you have enabled the application. Once the scan is completed, declare your Open Source components in the SBOM.json file in the root folder. From that point, every commit that includes undeclared OSS code will be raised as an issue.

Sample SBOM.json.

[
  {
    "component": "mycomponent",
    "type": "implementation",
    "comment": "This is your component"
  },
  {
    "component": "webhook",
    "type": "dependency",
    "comment": "This is an OSS component that you are using inside your component"
  }
]
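
A SBOM.json that does not parse as JSON (a missing comma between entries, for example) cannot declare anything. The lint below is an added example for checking the file before committing, not SCANOSS code; the required fields and the duplicate check are assumptions drawn from the sample above, not a documented schema.

```python
import json

# Field names taken from the sample above; treating "component" and "type"
# as required strings is an assumption, not a documented SCANOSS schema.
REQUIRED_FIELDS = ("component", "type")


def lint_sbom(text):
    """Return a list of problems found in SBOM.json text (empty list = clean)."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as err:
        # Point at the exact position so a missing comma is easy to find.
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array of component entries"]

    problems = []
    seen = {}  # lower-cased component name -> index of first declaration
    for index, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {index}: expected an object")
            continue
        for field in REQUIRED_FIELDS:
            value = entry.get(field)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"entry {index}: missing or empty '{field}'")
        name = entry.get("component")
        if isinstance(name, str) and name.strip():
            key = name.strip().lower()  # case-insensitive match is an assumption
            if key in seen:
                problems.append(f"entry {index}: '{name}' already declared in entry {seen[key]}")
            else:
                seen[key] = index
    return problems


# Constructed sample inputs (not real project data).
GOOD = '[{"component": "mycomponent", "type": "implementation"}, {"component": "webhook", "type": "dependency"}]'
MISSING_COMMA = '[\n  {"component": "mycomponent", "type": "implementation"}\n  {"component": "webhook", "type": "dependency"}\n]'
INCOMPLETE = '[{"component": "webhook"}, {"component": "Webhook", "type": "dependency"}]'

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("missing comma", MISSING_COMMA), ("incomplete", INCOMPLETE)):
        print(label, "->", lint_sbom(text) or "ok")
```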

IMPORTANT: Make sure that the repositories where you want to install this app have issues enabled. Otherwise the initial scan will not be reported.

Sample output

Pricing and setup

Open Source Projects

$0

Open Source

  • Unlimited Public Repositories
  • Unlimited Collaborators
  • Scan limit: 5 files/day
  • (Limited Availability)

scanoss.app is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.