Skip to main content
SCANOSS supports multiple output formats to integrate with your existing workflows and compliance tooling. You can specify the desired format during a scan, or convert existing scan results to a different format after the fact.

Available Output Formats

FormatDescriptionUse Case
JSON (Default)Complete scan results in SCANOSS native formatProgrammatic processing, detailed analysis
CycloneDXIndustry-standard Software Bill of Materials (SBOM) formatSBOM exchange, vulnerability tracking
SPDX LiteStandardised subset of the SPDX specificationLicence compliance, SPDX-based workflows
CSVComma-separated valuesSpreadsheet analysis, reporting

JSON (Default)

The default output format, containing the full set of fields returned by the SCANOSS engine, including match type, component metadata, and licence data.

Generate During Scan

scanoss-py scan -o results.json /path/to/project

CycloneDX

CycloneDX is an OWASP-maintained SBOM (Software Bill of Materials) standard used for component inventory, vulnerability tracking, and supply chain transparency.
Note: The output file uses a .json extension regardless of the format flag, as CycloneDX supports JSON serialisation.

Generate During Scan

scanoss-py scan --format cyclonedx -o sbom.json /path/to/project

SPDX Lite

SPDX Lite is a formally defined, minimal profile of the SPDX (Software Package Data Exchange) specification. It is intended for use cases where full SPDX compliance is not required but licence data must still be communicated in a structured, interoperable format.
Note: The output file uses a .json extension, as SPDX Lite is serialised in JSON format.

Generate During Scan

scanoss-py scan --format spdxlite -o sbom-spdx.json /path/to/project

CSV

Outputs scan results as comma-separated values, with one row per matched component. This format is suitable for import into spreadsheet applications or reporting pipelines.

Generate During Scan

scanoss-py scan --format csv -o results.csv /path/to/project