# Platform Architecture Overview

> Overview of SCANOSS platform architecture, highlighting secure local scanning, open-source knowledge management, and flexible deployment for reliable software composition analysis.

## SCANOSS Curation Flow

<img
  src="https://mintcdn.com/scanoss/9UP7eHL2Z_rQPx8l/images/Deck-CurationFlow-Nostf.svg?fit=max&auto=format&n=9UP7eHL2Z_rQPx8l&q=85&s=d0c04d82de7bf3c7a1cd5cd01bccffeb"
  alt="SCANOSS Curation Flow diagram showing the relationship between local scanning,
fingerprint transmission, and the knowledge base"
  width="890"
  height="380"
  data-path="images/Deck-CurationFlow-Nostf.svg"
/>

### The SCANOSS Knowledge Base

At the core of SCANOSS is a continuously maintained **open-source knowledge base**
built from publicly available open-source projects.

The knowledge base does **not** contain customer code. Instead, it stores:

* derived fingerprints from known open-source code,
* component and version identifiers,
* licence information,
* and other metadata required to contextualise results.

When SCANOSS runs locally, only derived fingerprints are compared against this
reference data. This architecture enables accurate identification of open-source
usage without transferring or storing user source code.

*The knowledge base evolves continuously as new projects, versions, and metadata
are added, ensuring that software intelligence remains current as the open-source
ecosystem changes.*

### Security Model

SCANOSS is designed so that analysing software composition does not require
exposing source code or trusting opaque processing.

Source code never leaves the user's environment. Derived fingerprints are computed
locally, filenames are hashed before transmission, and only those derived values
are sent for analysis. No proprietary or sensitive code is uploaded or
reconstructed at any point.

This design allows organisations to analyse **both declared and undeclared
open-source usage** — where declared usage refers to components listed in a
dependency manifest, and undeclared usage refers to code present in a codebase
but not explicitly referenced — while maintaining full control over intellectual
property.

### Open Source and Standards

The scanning engine and fingerprinting algorithms used by SCANOSS are fully open
source. This allows independent inspection of how detection works and how results
are produced.

All outputs conform to open standards such as SPDX and CycloneDX. SBOMs and
analysis results remain portable and interoperable, avoiding vendor lock-in and
supporting long-term reuse of software intelligence across tools and processes.

### Deployment Options

SCANOSS can be used as a hosted service or deployed on-premise.

On-premise deployment allows organisations with strict security or regulatory
requirements to run the platform entirely within their own infrastructure, while
retaining the same analysis capabilities and workflow integrations.

## Know Your Frankie

Modern software is typically assembled from many open-source components, often
introduced incrementally through direct dependencies, transitive dependencies, or
code copying. The term "Frankie" refers to a codebase composed of many such
parts — some expected, some unintentional — that may not be fully accounted for
in dependency declarations. "Know your Frankie" reflects the need to understand
**what code is actually present in a codebase**, rather than relying solely on
what is declared in manifests or expected from the build process.

SCANOSS provides the software intelligence required to maintain that understanding
as projects evolve, dependencies change, and code is reused over time.
