Skip to main content

General Arguments

The following arguments are available on all commands:

scan

Scans a folder or file against the SCANOSS API to identify open-source components, licences, vulnerabilities, and dependencies. Results are written to STDOUT by default.
When --cryptography is used without an API key (--key), only local cryptography detection is performed. Component-level cryptography scanning via the SCANOSS API requires an API key.
The --dependencies flag is not applicable when scanning a pre-generated .wfp fingerprint file, as dependency manifest files are not captured in fingerprint hashes.

dep

Scans a folder exclusively for dependency manifest files without performing open-source code identification.
The following dependency manifest files are recognised during scanning:

wfp

Generates WFP (Winnowing FingerPrint) hashes for a folder or file without performing any API calls or analysis. The resulting output can be saved to a file and passed to scan at a later time using the --wfp flag.

crypto

Scans a folder or file for local cryptographic algorithm and library detection without performing open-source identification. Custom detection rules can be provided via JSON files.

components

Queries the SCANOSS Knowledge Base for component intelligence. Supports searching, version lookups, statistics, and component information retrieval.
The <action> argument must be one of: search, versions, stats, info.

versions

stats

info