SCANOSS publishes Docker images to GitHub Container Registry (GHCR) for running scans in containerised environments. These images allow you to run SCANOSS without installing Python dependencies on the host machine and produce consistent results across Linux, macOS, and Windows hosts.

Image Details

SCANOSS Docker images are hosted on GitHub Container Registry (GHCR):
  • Registry: ghcr.io/scanoss/scanoss-py
  • Latest release: ghcr.io/scanoss/scanoss-py:latest
  • Specific version: ghcr.io/scanoss/scanoss-py:v1.44.0
The latest tag always points to the most recent stable release. For reproducible builds, pin to a specific version tag. View all available tags: GHCR Versions
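A check for the pinning advice above, as an added example that is not part of the SCANOSS documentation: it classifies every scanoss-py image reference in a script as floating (no tag or :latest), tag-pinned, or digest-pinned, and fails when a floating reference is present. The function names and the sample CI script are constructed for illustration.

```shell
# Classify one image reference:
#   digest   - name@sha256:<64 hex>, an immutable content address
#   tag      - explicit tag other than "latest" (a tag can still be re-pushed)
#   floating - no tag or ":latest"; resolves to whatever was published last
classify_image_ref() {
    ref=$1
    case $ref in
        *@sha256:*)
            if printf '%s' "${ref##*@sha256:}" | grep -Eq '^[0-9a-f]{64}$'; then
                echo digest
            else
                echo invalid
            fi
            return ;;
    esac
    name=${ref##*/}   # drop registry host (may contain ":port") and path
    case $name in
        *:latest) echo floating ;;
        *:?*)     echo tag ;;
        *)        echo floating ;;
    esac
}

# Read a script on stdin; print "<line> <class> <ref>" per scanoss-py reference.
# Returns 1 if any reference is floating or carries a malformed digest.
lint_image_refs() {
    rc=0
    hits=$(grep -n -o -E 'ghcr\.io/scanoss/scanoss-py[^[:space:]"]*') || return 0
    while IFS= read -r hit; do
        ref=${hit#*:}                      # strip the "<line>:" prefix from grep -n
        class=$(classify_image_ref "$ref")
        echo "${hit%%:*} $class $ref"
        case $class in floating|invalid) rc=1 ;; esac
    done <<EOF
$hits
EOF
    return $rc
}

# Constructed CI script (sample input, not from the SCANOSS documentation).
sample_ci_script() {
    cat <<'EOF'
docker pull ghcr.io/scanoss/scanoss-py:latest
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan /scanoss
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py:v1.44.0 scan /scanoss
EOF
}

sample_ci_script | lint_image_refs || echo "floating image references found"
```

To lint a real pipeline file, feed it on stdin, for example `lint_image_refs < ci.sh`, and fail the job on a non-zero return.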

Installation

Pull the Latest Version

docker pull ghcr.io/scanoss/scanoss-py:latest

Pull a Specific Version

# Pull v1.44.0
docker pull ghcr.io/scanoss/scanoss-py:v1.44.0

# Run v1.44.0
docker run ghcr.io/scanoss/scanoss-py:v1.44.0

Verify the Image

# Print the CLI version
docker run ghcr.io/scanoss/scanoss-py --version

# Print help text
docker run ghcr.io/scanoss/scanoss-py --help

Usage

All scan examples below mount the current working directory into the container at /scanoss. The scan path argument must reference this mount point, not a path on the host machine.

Scan the Current Directory

# Scan and display results in the terminal
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan /scanoss

# Scan and write results to a file
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan -o /scanoss/results.json /scanoss

Dependency Scanning

The -D / --dependencies flag includes dependency file scanning alongside source code scanning. Use --dependencies-only to skip source scanning and scan dependency files exclusively.

# Scan source code and dependency files
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan --dependencies -o /scanoss/results.json /scanoss

# Scan dependency files only
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan --dependencies-only -o /scanoss/results.json /scanoss

Output Formats

SCANOSS supports several output formats, including Software Bill of Materials (SBOM) standards.

# CycloneDX SBOM
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan --format cyclonedx -o /scanoss/sbom.json /scanoss

# SPDX Lite SBOM
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan --format spdxlite -o /scanoss/sbom.json /scanoss

# CSV report
docker run --rm -v "$(pwd)":/scanoss ghcr.io/scanoss/scanoss-py scan --format csv -o /scanoss/report.csv /scanoss