Overview
Complete SCANOSS Guide
Follow this guide to evaluate all SCANOSS capabilities for your organisation.
Desktop Integration
Start by testing SCANOSS locally on your development machine:
- Install SCANOSS-PY and SCANOSS-CC
- Navigate to your project directory
- Run a scan with SCANOSS-PY or SCANOSS-CC
- Declare components using SCANOSS-CC or SCANOSS Settings
- Set up Pre-Commit Hooks
- Test pre-commit by making a commit
CI/CD Integration
Automate scanning in your CI/CD pipeline:
- Set up GitHub Actions workflow
- Configure API secrets
- Set trigger events (push, pull requests)
- Define compliance policies
- Review scan results
- Download SBOMs from workflow artifacts
Advanced Analysis
Extend your analysis with cryptography and security scanning:
- Run cryptography scan to detect algorithms
- Review detected cryptographic implementations
- Run vulnerability scan to identify CVEs
- Assess risk levels for detected vulnerabilities
- Export comprehensive reports using SBOM Workbench
Continuous Monitoring
Establish ongoing monitoring and compliance:
- Integrate with Dependency Track for continuous monitoring
- Track vulnerabilities and components over time
- Set up ORT Integration for compliance automation
- Define policy rules for your organization
- Generate compliance reports automatically
- Monitor alerts and prioritize remediation
Explore by Section
- License Dataset - Component Identification & Compliance
- Cryptography Dataset - Algorithm Detection
- Security Dataset - Vulnerability Management
- Process & Integrations - CI/CD Automation