General Arguments
The following arguments are available on all commands:scan
Scans a folder or file against the SCANOSS API to identify open-source components, licences, vulnerabilities, and dependencies. Results are written to STDOUT by default.When--cryptographyis used without an API key (--key), only local cryptography detection is performed. Component-level cryptography scanning via the SCANOSS API requires an API key.
The--dependenciesflag is not applicable when scanning a pre-generated.wfpfingerprint file, as dependency manifest files are not captured in fingerprint hashes.
dep
Scans a folder exclusively for dependency manifest files without performing open-source code identification.
The following dependency manifest files are recognised during scanning:
wfp
Generates WFP (Winnowing FingerPrint) hashes for a folder or file without performing any API calls or analysis. The resulting output can be saved to a file and passed toscan at
a later time using the --wfp flag.
crypto
Scans a folder or file for local cryptographic algorithm and library detection without performing open-source identification. Custom detection rules can be provided via JSON files.components
Queries the SCANOSS Knowledge Base for component intelligence. Supports searching, version lookups, statistics, and component information retrieval.<action> argument must be one of: search, versions, stats, info.