> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scanning Your Project

> Scan your code for open-source components, licences, vulnerabilities, and dependencies using SCANOSS.

Scanning is the core functionality of [SCANOSS-PY](https://github.com/scanoss/scanoss.py). It fingerprints your code and compares it against the SCANOSS Knowledge Base to identify open-source components, licences, vulnerabilities, and security issues.

## Quick Start

Scan a project folder and save results:

```bash theme={null}
scanoss-py scan -o results.json /path/to/project
```

## Understanding Scanning

When you run a scan, SCANOSS-PY:

1. **Fingerprints** your source code using the [Winnowing algorithm](fingerprinting#the-winnowing-algorithm)
2. **Compares** fingerprints against the SCANOSS Knowledge Base
3. **Identifies** matching open-source components
4. **Detects** licences, vulnerabilities, and quality issues
5. **Returns** detailed results in JSON format

Scanning extends fingerprinting by querying the SCANOSS Knowledge Base with the generated fingerprints, returning component matches, licence data, and vulnerability information. Fingerprinting alone produces only the `.wfp` file; it does not perform a lookup.

## Basic Scanning

### Scan a Directory

```bash theme={null}
scanoss-py scan -o results.json /path/to/project
```

### Scan a Single File

```bash theme={null}
scanoss-py scan -o results.json /path/to/file.py
```

### Scan Multiple Specific Files

```bash theme={null}
scanoss-py scan --files src/main.py src/utils.py -o results.json
```

## Scanning with Dependencies

SCANOSS-PY can detect and analyse **declared dependencies** from package manifest files
(e.g. `package.json`, `requirements.txt`, `pom.xml`).

### Scan Source Files and Dependencies

```bash theme={null}
scanoss-py scan --dependencies -o results.json /path/to/project
```

> **Note:** Dependency scanning requires [`scancode-toolkit`](installation#dependency-scanning)
> to be installed. Without it, the `--dependencies` flag will produce an error.

### Scan Dependencies Only

Skip file scanning and analyse only declared dependencies:

```bash theme={null}
scanoss-py scan --dependencies-only -o results.json /path/to/project
```

## Scanning with Pre-Generated Fingerprints

For large projects or CI/CD pipelines, you can separate the fingerprinting step from the
scanning step. Pass a previously generated `.wfp` fingerprint file directly to the scanner:

```bash theme={null}
scanoss-py scan --wfp project.wfp -o results.json
```

## Scanning with a Settings File

SCANOSS supports a <a href="/en/latest/getting-started/declaring-components" target="_blank">`scanoss.json` settings file</a> for persistent configuration.

The example below shows how to exclude specific files and directories from scanning using
glob patterns. The `!` prefix negates a pattern, re-including a previously excluded path.

```json theme={null}
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": [
          "*.log",
          "!important.log",
          "temp/",
          "debug[0-9]*.txt",
          "src/client/specific-file.js",
          "src/nested/folder/"
        ]
      }
    }
  }
}
```

**Scan with a settings file:**

```bash theme={null}
scanoss-py scan --settings scanoss.json -o results.json /path/to/project
```