# Product Context Dependency

> Control where and how packages are used in your codebase with context-aware rules and path restrictions.

Product Context Dependency lets you enforce fine-grained control over component usage within your codebase. Instead of only tracking which components exist, you define rules about where they may and may not be used.

## Prerequisites

Ensure `scanoss-py` is installed:

```bash
pip3 install scanoss
```

For enhanced performance with fast winnowing:

```bash
# Quote the extras specifier so shells such as zsh do not treat [] as a glob
pip3 install 'scanoss[fast_winnowing]'
```

Verify installation:

```bash
scanoss-py --version
```

## Getting Started

### Initial Discovery Scan

Run a comprehensive scan to discover all components in your project:

```bash
scanoss-py scan -D -o results.json /path/to/folder
```

**Options explained:**

* `-D` or `--dependencies`: Enable dependency detection
* `-o results.json`: Output file for scan results
* `/path/to/folder`: Scan the specified folder. You can use `.` to scan the current directory.

The first scan should be run without a `scanoss.json` file to discover all components in your project.

### Identify Undeclared Components

Inspect the scan results to find components not yet declared in your configuration:

```bash
scanoss-py inspect undeclared -i results.json
```

**Sample Output:**

```json
{
  "bom": {
    "include": [
      {
        "purl": "pkg:github/scanoss/engine"
      },
      {
        "purl": "pkg:github/scanoss/scanoss.py"
      }
    ]
  }
}
```

### Create `scanoss.json` Configuration

Create a `scanoss.json` file **in the same directory you're scanning** to declare approved components:

```json
{
  "self": {
    "name": "scanoss-project",
    "version": "1.0.0",
    "license": "GPL-2.0-only",
    "description": "Project using SCANOSS engine and Python SDK"
  },
  "bom": {
    "include": [
      {
        "purl": "pkg:github/scanoss/engine",
        "comment": "Approved: Core SCANOSS engine used for software composition analysis"
      },
      {
        "purl": "pkg:github/scanoss/scanoss.py",
        "comment": "Approved: Python client library for SCANOSS API"
      }
    ]
  }
}
```

### Rescan with Configuration

Apply your configuration by rescanning with the settings file:

```bash
scanoss-py scan -D --settings scanoss.json -o results.json /path/to/folder
```

The tool will now detect `scanoss.json` in the scan directory.

### Validate Compliance

After scanning with your configuration, verify that all components are properly declared:

```bash
scanoss-py inspect undeclared -i results.json
```

**Success output:**

```text
0 undeclared component(s) were found.
```

Otherwise, the output lists the undeclared components that still need to be added to your `scanoss.json`.
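
The declaration step above can be scripted so that newly discovered components are added without overwriting entries someone has already reviewed. This is an added example, not part of `scanoss-py`; the `PENDING REVIEW` marker and the function names are assumptions, and the inputs are constructed from the sample output and configuration shown earlier.

```python
import json

# Marker for entries nobody has approved yet (a constructed convention).
PENDING = "PENDING REVIEW"

def merge_undeclared(settings, undeclared):
    """Append undeclared purls to settings["bom"]["include"]; return those added."""
    include = settings.setdefault("bom", {}).setdefault("include", [])
    declared = {entry.get("purl") for entry in include}
    added = []
    for entry in undeclared.get("bom", {}).get("include", []):
        purl = entry.get("purl")
        if purl and purl not in declared:
            include.append({"purl": purl, "comment": PENDING})
            declared.add(purl)
            added.append(purl)
    return added

def pending_review(settings):
    """Purls still carrying the marker, i.e. declared but not yet approved."""
    return [e["purl"] for e in settings.get("bom", {}).get("include", [])
            if e.get("comment", "").startswith(PENDING)]

# Constructed sample: engine is already approved, the inspect output lists both.
SETTINGS = json.loads("""{"bom": {"include": [
  {"purl": "pkg:github/scanoss/engine",
   "comment": "Approved: Core SCANOSS engine used for software composition analysis"}]}}""")
UNDECLARED = json.loads("""{"bom": {"include": [
  {"purl": "pkg:github/scanoss/engine"},
  {"purl": "pkg:github/scanoss/scanoss.py"}]}}""")

if __name__ == "__main__":
    merge_undeclared(SETTINGS, UNDECLARED)
    print(json.dumps(SETTINGS, indent=2))
    print("needs review:", pending_review(SETTINGS))
```

A rescan reports zero undeclared components as soon as an entry exists, so a non-empty `pending_review` result is the signal that a declaration has not actually been approved.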

## Advanced Context Rules

### Path-Specific Restrictions

Restrict components to specific directories in your project:

```json
{
  "bom": {
    "include": [
      {
        "purl": "pkg:github/scanoss/engine@5.0.0",
        "path": "src/",
        "comment": "Engine core allowed in source directory only"
      },
      {
        "purl": "pkg:github/scanoss/scanoss.py@v1.3.6",
        "path": "src/",
        "comment": "Python SDK for scanning operations in source"
      }
    ]
  }
}
```

### Version Upgrade Management

Enforce version upgrades or library replacements:

```json
{
  "bom": {
    "replace": [
      {
        "purl": "pkg:github/scanoss/engine@5.0.0",
        "replace_with": "pkg:github/scanoss/engine@5.0.2",
        "path": "src/",
        "license": "GPL-2.0-only",
        "comment": "Upgrade to latest engine version (5.0.2 available)"
      },
      {
        "purl": "pkg:github/scanoss/scanoss.py@v1.3.6",
        "replace_with": "pkg:github/scanoss/scanoss.py@v1.4.0",
        "path": "src/",
        "license": "MIT",
        "comment": "Upgrade Python SDK for latest features and security fixes"
      }
    ]
  }
}
```
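
To see how the path restrictions and the replace rules above combine, the following added example evaluates a list of detections against both. It is not `scanoss-py`'s own matching logic: the path semantics (a trailing `/` is a directory prefix, anything else an exact file), the verdict names, the `(file path, purl)` input shape and the `pkg:github/example/unlisted` purl are assumptions made for illustration.

```python
import posixpath

# Constructed settings combining one include rule and one replace rule from above.
SETTINGS = {"bom": {
    "include": [{"purl": "pkg:github/scanoss/scanoss.py@v1.3.6", "path": "src/"}],
    "replace": [{"purl": "pkg:github/scanoss/engine@5.0.0",
                 "replace_with": "pkg:github/scanoss/engine@5.0.2", "path": "src/"}],
}}

# Constructed detections as (file path, purl) pairs; not the results.json format.
DETECTIONS = [
    ("src/scan.py", "pkg:github/scanoss/scanoss.py@v1.3.6"),
    ("tests/helper.py", "pkg:github/scanoss/scanoss.py@v1.3.6"),
    ("src/../vendor/sdk.py", "pkg:github/scanoss/scanoss.py@v1.3.6"),
    ("src/copyright.c", "pkg:github/scanoss/engine@5.0.0"),
    ("src/util.c", "pkg:github/example/unlisted@1.0.0"),
]

def in_scope(rule, file_path):
    """Assumed semantics: no path = anywhere, trailing "/" = directory prefix, else exact file."""
    scope = rule.get("path")
    if scope is None:
        return True
    normalized = posixpath.normpath(file_path)  # "src/../vendor/x" -> "vendor/x"
    return normalized.startswith(scope) if scope.endswith("/") else normalized == scope

def evaluate(settings, file_path, purl):
    """Return (verdict, detail) for one detection; replace rules take precedence."""
    bom = settings.get("bom", {})
    for rule in bom.get("replace", []):
        if rule["purl"] == purl and in_scope(rule, file_path):
            return ("replace", rule["replace_with"])
    rules = [r for r in bom.get("include", []) if r["purl"] == purl]
    if any(in_scope(r, file_path) for r in rules):
        return ("allowed", None)
    if rules:  # declared, but only for other locations
        return ("out_of_path", ", ".join(r["path"] for r in rules))
    return ("undeclared", None)

def audit(settings, detections):
    """Every detection that is not plainly allowed, as (path, purl, verdict, detail)."""
    results = [(p, u, *evaluate(settings, p, u)) for p, u in detections]
    return [r for r in results if r[2] != "allowed"]

if __name__ == "__main__":
    for finding in audit(SETTINGS, DETECTIONS):
        print(finding)
```

Normalizing the file path before the prefix test matters: without it, `src/../vendor/sdk.py` would pass a naive `startswith("src/")` check even though the file lives outside `src/`.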

### License Compliance Configuration

Declare the license of each component together with its path, based on the mixed licenses detected in your scan:

```json
{
  "self": {
    "name": "scanoss-project",
    "version": "1.0.0",
    "license": "GPL-2.0-only",
    "description": "Project using SCANOSS components with GPL-2.0 compatibility"
  },
  "bom": {
    "include": [
      {
        "purl": "pkg:github/scanoss/engine@5.0.0",
        "path": "src/copyright.c",
        "license": "GPL-2.0-only",
        "comment": "Approved: Engine component - GPL-2.0 copyleft license"
      },
      {
        "purl": "pkg:github/scanoss/scanoss.py@v1.3.6",
        "path": "src/scanner_test.py",
        "license": "MIT",
        "comment": "Approved: Python SDK - MIT license (permissive)"
      }
    ]
  }
}
```

Learn more about creating and managing `scanoss.json` files: [SCANOSS Settings Documentation](scanoss-settings)
