Skip to main content

scan Examples

Quick Analysis

Run a scan without an API token. Note that unauthenticated requests are subject to reduced rate limits and may return limited match data: 
scanoss-js scan -o results.json /path/to/project

API Token Scanning

Provide an API token and a custom API URL to authenticate requests and access the full scanning feature set: 
scanoss-js scan -o results.json --key $SCANOSS_API_KEY --apiurl https://<your-api-host> /path/to/project

Scan with Dependency Detection

Include dependency manifest detection alongside code scanning: 
scanoss-js scan -o results.json --key $SCANOSS_API_KEY --dependencies /path/to/project

Scan with Cryptography Detection

Include cryptographic algorithm and library detection: 
scanoss-js scan --cryptography --key $SCANOSS_API_KEY -o results.json /path/to/project
With custom algorithm and library detection rule files: 
scanoss-js scan --cryptography --key $SCANOSS_API_KEY \
  --algorithm-rules /path/to/algorithm-rules.json \
  --library-rules /path/to/library-rules.json \
  -o results.json /path/to/project

wfp Examples

Two-Step Fingerprint and Scan Workflow

Fingerprinting and scanning can be performed as two separate steps. The .wfp file format (Winnowing FingerPrint) stores the generated fingerprints for later use. Generate fingerprints: 
scanoss-js wfp -o fingerprints.wfp --key $SCANOSS_API_KEY /path/to/project
Scan the previously generated fingerprints: 
scanoss-js scan -w fingerprints.wfp --key $SCANOSS_API_KEY -o results2.json -stf
This command scans the previously generated fingerprint file and writes the results to results2.json. The -stf flag skips loading a settings file during the scan; use this flag when no settings file is present or when you want to run the scan with default settings only.

dep Examples

Dependency-Only Scan

Run dependency manifest detection without code scanning: 
scanoss-js dep --key $SCANOSS_API_KEY /path/to/project

crypto Examples

Cryptography-Only Scan

Run local cryptographic algorithm and library detection without code scanning: 
scanoss-js crypto --key $SCANOSS_API_KEY /path/to/project
With custom detection rule files: 
scanoss-js crypto --key $SCANOSS_API_KEY /path/to/project \
  --algorithm-rules /path/to/algorithm-rules.json \
  --library-rules /path/to/library-rules.json