
# What is SCANOSS?

> SCANOSS is an open-source **software risk intelligence** platform that analyses source code to identify **declared and undeclared open-source usage**. It generates accurate, standards-based SBOMs and provides structured insight into software composition, licensing, and security through a command-line interface designed for developer workflows. This page explains what SCANOSS does, how it works at a high level, and the architectural principles behind its security, data handling, and open-source design.

## What SCANOSS Does

SCANOSS identifies open-source code used in software projects by analysing source code directly.

This includes:

* Declared dependencies defined in manifests
* Undeclared usage such as embedded components, copied files, and reused code fragments

By working from source code rather than dependency declarations alone, SCANOSS provides a more comprehensive and verifiable view of software composition.

The results are translated into **software risk intelligence** that describes not just *what* open-source code is present, but also the associated licensing, security, and compliance metadata.

## How SCANOSS Works

SCANOSS operates by combining local scanning with reference data and integrated tooling:

1. **Fingerprinting:** A CLI tool examines source code locally and generates fingerprints based on file content.
2. **Matching:** Those fingerprints are compared against reference data from a large open-source knowledge base maintained by SCANOSS.
3. **Output:** Identified results are assembled into standards-based SBOMs (e.g. SPDX, CycloneDX) and enriched with metadata that supports risk analysis.

The platform's interfaces — including the Python CLI, REST API, and graphical workbench — let developers and tools consume this software risk intelligence where they need it.
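
The three steps above, sketched as an added example (not SCANOSS code): a generic winnowing-style hash stands in for the fingerprint format, which this page does not describe. The knowledge-base entry, the package URLs, the project files and the manifest contents are all constructed for illustration.

```python
import zlib

def winnow(text, k=8, w=4):
    """Hash every k-gram of the normalised text; keep the minimum of each window of w hashes."""
    norm = "".join(c.lower() for c in text if c.isalnum())
    grams = [zlib.crc32(norm[i:i + k].encode()) for i in range(len(norm) - k + 1)]
    # Inputs shorter than one window still yield a single fingerprint; empty input yields none.
    return {min(grams[i:i + w]) for i in range(max(1, len(grams) - w + 1)) if grams}

# Constructed reference entry standing in for a knowledge base (hypothetical purl).
KB_SOURCE = """
def clamp(value, low, high):
    if value < low:
        return low
    if value > high:
        return high
    return value
"""
KNOWLEDGE_BASE = {"pkg:pypi/examplelib@1.2.0": winnow(KB_SOURCE)}

# Constructed project: util.py embeds a reformatted copy of clamp().
PROJECT = {
    "src/util.py": "import os\n\ndef Clamp(value, low, high):\n"
                   "    if value<low: return low\n    if value>high: return high\n"
                   "    return value\n\ndef cwd():\n    return os.getcwd()\n",
    "src/greet.py": "def greet(name):\n    print('hello ' + name)\n",
}
DECLARED = {"pkg:pypi/requests@2.31.0"}  # constructed manifest contents

def scan(files, declared, threshold=0.6):
    """Match each file against the knowledge base; flag matches missing from the manifest."""
    findings = []
    for path, content in files.items():
        fp = winnow(content)
        for purl, ref in KNOWLEDGE_BASE.items():
            score = len(fp & ref) / len(ref)  # share of the reference found in this file
            if score >= threshold:
                findings.append({"file": path, "purl": purl, "score": round(score, 2),
                                 "declared": purl in declared})
    return findings

def to_cyclonedx(findings):
    """Assemble a minimal CycloneDX-shaped document (one component per matched purl)."""
    comps = []
    for purl in sorted({f["purl"] for f in findings}):
        name, version = purl.rsplit("/", 1)[1].split("@")
        comps.append({"type": "library", "name": name, "version": version, "purl": purl})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": comps}

if __name__ == "__main__":
    print(scan(PROJECT, DECLARED), to_cyclonedx(scan(PROJECT, DECLARED)), sep="\n")
```

The copied function is matched even though its case and whitespace differ from the reference, and because the component is absent from the manifest the finding is reported with `declared` set to `False`.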
