# SCANOSS documentation

## Docs

- [Get all version information for a specific component](https://docs.scanoss.com/api-reference/components/get-all-version-information-for-a-specific-component.md)
- [Get status information for a specific purl via a get request](https://docs.scanoss.com/api-reference/components/get-status-information-for-a-specific-purl-via-a-get-request.md)
- [Get the statistics for the specified components](https://docs.scanoss.com/api-reference/components/get-the-statistics-for-the-specified-components.md)
- [Get the status for a list of purls posted in the body](https://docs.scanoss.com/api-reference/components/get-the-status-for-a-list-of-purls-posted-in-the-body.md)
- [Search for components](https://docs.scanoss.com/api-reference/components/search-for-components.md)
- [Standard echo](https://docs.scanoss.com/api-reference/components/standard-echo.md)
- [Download cryptography detection ruleset as a tarball.](https://docs.scanoss.com/api-reference/cryptography/download-cryptography-detection-ruleset-as-a-tarball.md): Downloads a compressed tarball containing cryptographic detection rules for various programming languages. Rulesets can be used with tools like SCANOSS Crypto Finder for cryptographic algorithm detection in source code.
- [Get component versions that contain or don't contain cryptographic algorithms within specified ranges.](https://docs.scanoss.com/api-reference/cryptography/get-component-versions-that-contain-or-dont-contain-cryptographic-algorithms-within-specified-ranges.md): Returns lists of versions that either contain cryptographic algorithms or don't, helping assess cryptographic presence across component evolution.
- [Get cryptographic algorithms associated with a single software component.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-algorithms-associated-with-a-single-software-component.md): Analyzes the component and returns cryptographic algorithms detected in the codebase including algorithm names and strength classifications.
- [Get cryptographic algorithms associated with multiple software components in a single request.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-algorithms-associated-with-multiple-software-components-in-a-single-request.md): Analyzes multiple components and returns cryptographic algorithms detected in each codebase including algorithm names and strength classifications.
- [Get cryptographic algorithms used by a component across specified version ranges.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-algorithms-used-by-a-component-across-specified-version-ranges.md): Analyzes the component across version ranges and returns all cryptographic algorithms detected along with the versions where they appear.
- [Get cryptographic algorithms used by multiple components across specified version ranges.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-algorithms-used-by-multiple-components-across-specified-version-ranges.md): Analyzes multiple components across version ranges and returns all cryptographic algorithms detected along with the versions where they appear for each component.
- [Get cryptographic hints across version ranges - legacy endpoint.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-hints-across-version-ranges--legacy-endpoint.md): Legacy method for retrieving cryptographic hints related to protocols, libraries, SDKs and frameworks across version ranges. Use ComponentHintsInRange or ComponentsHintsInRange instead.
- [Get cryptographic hints across version ranges - legacy endpoint.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-hints-across-version-ranges--legacy-endpoint-1.md): Legacy method for retrieving cryptographic hints related to protocols, libraries, SDKs and frameworks across version ranges. Use ComponentHintsInRange or ComponentsHintsInRange instead.
- [Get cryptographic hints for a single component.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-hints-for-a-single-component.md): Returns hints about cryptographic protocols, libraries, SDKs and frameworks used by the component, providing insights into cryptographic dependencies.
- [Get cryptographic hints for multiple components in a single request.](https://docs.scanoss.com/api-reference/cryptography/get-cryptographic-hints-for-multiple-components-in-a-single-request.md): Returns hints about cryptographic protocols, libraries, SDKs and frameworks used by multiple components, providing insights into cryptographic dependencies.
- [Get multiple component versions that contain or don't contain cryptographic algorithms within specified ranges.](https://docs.scanoss.com/api-reference/cryptography/get-multiple-component-versions-that-contain-or-dont-contain-cryptographic-algorithms-within-specified-ranges.md): Returns lists of versions for multiple components that either contain cryptographic algorithms or don't, helping assess cryptographic presence across component evolution in batch operations.
- [Returns the same message that was sent, used for health checks and connectivity testing](https://docs.scanoss.com/api-reference/cryptography/returns-the-same-message-that-was-sent-used-for-health-checks-and-connectivity-testing.md)
- [Get dependency details
Deprecated: Use /v2/licenses/components instead](https://docs.scanoss.com/api-reference/dependencies/get-dependency-detailsdeprecated:-use-v2licensescomponents-instead.md)
- [Get transitive dependency details](https://docs.scanoss.com/api-reference/dependencies/get-transitive-dependency-details.md)
- [Standard echo](https://docs.scanoss.com/api-reference/dependencies/standard-echo.md)
- [[DEPRECATED] Get component-level Geo Provenance by contributor location](https://docs.scanoss.com/api-reference/geoprovenance/[deprecated]-get-component-level-geo-provenance-by-contributor-location.md)
- [[DEPRECATED] Get component-level Geo Provenance by contributor origin commit times](https://docs.scanoss.com/api-reference/geoprovenance/[deprecated]-get-component-level-geo-provenance-by-contributor-origin-commit-times.md)
- [Get component-level Geo Provenance based on contributor declared location
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetComponentContributors method](https://docs.scanoss.com/api-reference/geoprovenance/get-component-level-geo-provenance-based-on-contributor-declared-locationthis-is-the-current-method-that-accepts-componentrequest-for-enhanced-component-identificationreplaces-the-deprecated-getcomponentcontributors-method.md)
- [Get component-level Geo Provenance based on contributor declared location
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetComponentContributors method](https://docs.scanoss.com/api-reference/geoprovenance/get-component-level-geo-provenance-based-on-contributor-declared-locationthis-is-the-current-method-that-accepts-componentsrequest-for-enhanced-component-identificationreplaces-the-deprecated-getcomponentcontributors-method.md)
- [Get component-level Geo Provenance based on contributor origin commit times
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetComponentOrigin method](https://docs.scanoss.com/api-reference/geoprovenance/get-component-level-geo-provenance-based-on-contributor-origin-commit-timesthis-is-the-current-method-that-accepts-componentrequest-for-enhanced-component-identificationreplaces-the-deprecated-getcomponentorigin-method.md)
- [Get component-level Geo Provenance based on contributor origin commit times
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetComponentOrigin method](https://docs.scanoss.com/api-reference/geoprovenance/get-component-level-geo-provenance-based-on-contributor-origin-commit-timesthis-is-the-current-method-that-accepts-componentsrequest-for-enhanced-component-identificationreplaces-the-deprecated-getcomponentorigin-method.md)
- [Standard health check endpoint to verify service availability and connectivity](https://docs.scanoss.com/api-reference/geoprovenance/standard-health-check-endpoint-to-verify-service-availability-and-connectivity.md)
- [Get compliance obligations and usage requirements for a specific license.](https://docs.scanoss.com/api-reference/license/get-compliance-obligations-and-usage-requirements-for-a-specific-license.md): Returns structured OSADL compliance data including use cases, obligations, compatibility information, and patent hints for the specified license.
- [Get detailed metadata for a specific license by SPDX identifier.](https://docs.scanoss.com/api-reference/license/get-detailed-metadata-for-a-specific-license-by-spdx-identifier.md): Provides comprehensive license information including SPDX registry data, OSADL compliance metadata, license type classification, and official references.
- [Get license information for a single software component.](https://docs.scanoss.com/api-reference/license/get-license-information-for-a-single-software-component.md): Examines source code, license files, and package metadata to determine which licenses apply to the component. Returns license data in both individual SPDX license and SPDX expressions when determinable.
- [Get license information for multiple software components in a single request.](https://docs.scanoss.com/api-reference/license/get-license-information-for-multiple-software-components-in-a-single-request.md): Examines source code, license files, and package metadata to determine which licenses apply to each component. Returns license data in both individual SPDX license and SPDX expressions when determinable.
- [Returns the same message that was sent, used for health checks and connectivity testing](https://docs.scanoss.com/api-reference/license/returns-the-same-message-that-was-sent-used-for-health-checks-and-connectivity-testing.md)
- [Scan the given folder request looking for matches](https://docs.scanoss.com/api-reference/scanning/scan-the-given-folder-request-looking-for-matches.md)
- [Standard echo](https://docs.scanoss.com/api-reference/scanning/standard-echo.md)
- [Get potential security issues associated with a single component
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetIssues method for single component queries](https://docs.scanoss.com/api-reference/semgrep/get-potential-security-issues-associated-with-a-single-componentthis-is-the-current-method-that-accepts-componentrequest-for-enhanced-component-identificationreplaces-the-deprecated-getissues-method-for-single-component-queries.md)
- [Get potential security issues associated with multiple components
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetIssues method](https://docs.scanoss.com/api-reference/semgrep/get-potential-security-issues-associated-with-multiple-componentsthis-is-the-current-method-that-accepts-componentsrequest-for-enhanced-component-identificationreplaces-the-deprecated-getissues-method.md)
- [Standard health check endpoint to verify service availability and connectivity](https://docs.scanoss.com/api-reference/semgrep/standard-health-check-endpoint-to-verify-service-availability-and-connectivity.md)
- [Get CPEs (Common Platform Enumeration) associated with a single software component.](https://docs.scanoss.com/api-reference/vulnerabilities/get-cpes-common-platform-enumeration-associated-with-a-single-software-component.md): Returns Common Platform Enumeration identifiers that match the specified component. CPEs are used to identify IT platforms in vulnerability databases and enable vulnerability scanning and assessment.
- [Get CPEs (Common Platform Enumeration) associated with multiple software components.](https://docs.scanoss.com/api-reference/vulnerabilities/get-cpes-common-platform-enumeration-associated-with-multiple-software-components.md): Returns Common Platform Enumeration identifiers for multiple components in a single request. CPEs are used to identify IT platforms in vulnerability databases and enable vulnerability scanning and assessment.
- [Get vulnerability information for a single software component.](https://docs.scanoss.com/api-reference/vulnerabilities/get-vulnerability-information-for-a-single-software-component.md): Analyzes the component and returns known vulnerabilities including CVE details, severity scores, publication dates, and other security metadata. Vulnerability data is sourced from various security databases and feeds.
- [Get vulnerability information for multiple software components in a single request.](https://docs.scanoss.com/api-reference/vulnerabilities/get-vulnerability-information-for-multiple-software-components-in-a-single-request.md): Analyzes multiple components and returns known vulnerabilities for each including CVE details, severity scores, publication dates, and other security metadata. Vulnerability data is sourced from various security databases and feeds.
- [Returns the same message that was sent, used for health checks and connectivity testing](https://docs.scanoss.com/api-reference/vulnerabilities/returns-the-same-message-that-was-sent-used-for-health-checks-and-connectivity-testing.md)
- [README TEMPLATE](https://docs.scanoss.com/docs-templates/README_TEMPLATE.md)
- [[Feature/Topic Name]](https://docs.scanoss.com/docs-templates/scanoss-template.md): Brief description of what this page covers (appears in search results and under the title)
- [Fast Winnowing & Fingerprinting](https://docs.scanoss.com/en/latest/advanced/fast-winnowing-fingerprint-algorithms.md): Fingerprinting is the process of creating a unique digital signature (fingerprint) for source code files using the Winnowing Algorithm.
- [SBOM Formats](https://docs.scanoss.com/en/latest/advanced/sbom-formats.md): Generate and export Software Bill of Materials (SBOMs) in multiple industry-standard formats using SCANOSS tooling.
- [API Overview](https://docs.scanoss.com/en/latest/apis/api-overview.md): Introduction to the SCANOSS API for software composition analysis, dependency information, vulnerability detection, and cryptography intelligence.
- [Component Search API](https://docs.scanoss.com/en/latest/apis/component-search-api.md): Search components and retrieve versions, metadata, code statistics, and lifecycle status.
- [Dependencies API](https://docs.scanoss.com/en/latest/apis/dependencies-api.md): Provides dependency analysis for software components, including direct and transitive dependency resolution.
- [Cryptography API](https://docs.scanoss.com/en/latest/apis/encryption-api.md): Analyse cryptographic algorithms, usage hints and version coverage for software components.
- [Geoprovenance API](https://docs.scanoss.com/en/latest/apis/geoprovenance-api.md): Retrieve geographical provenance of software components using contributor locations, commit timing patterns, and development activity.
- [License API](https://docs.scanoss.com/en/latest/apis/license-api.md): Retrieve license information for software components, including SPDX details and approval status.
- [Sending Requests and Reviewing Results](https://docs.scanoss.com/en/latest/apis/postman/sending-requests-reviewing-results.md): Learn how to send API requests and interpret responses using Postman for SCANOSS vulnerability, cryptography, and component APIs.
- [Workspace Setup](https://docs.scanoss.com/en/latest/apis/postman/workspace-setup.md): Set up your Postman workspace for testing SCANOSS API endpoints  with authentication and environment configuration.
- [Scanning API](https://docs.scanoss.com/en/latest/apis/scanning-api.md): Provides high-precision scanning of folder structures to identify software components based on project hierarchy, file names, and content patterns.
- [Semgrep API](https://docs.scanoss.com/en/latest/apis/semgrep-api.md): Detect security, quality, and compliance issues in software components using Semgrep static analysis.
- [Vulnerability API](https://docs.scanoss.com/en/latest/apis/vulnerability-api.md): Provides vulnerability data for software components, including CPE identifiers and known vulnerabilities (CVEs).
- [Configuration](https://docs.scanoss.com/en/latest/cli/crypto-finder/configuration.md): Crypto Finder supports flexible configuration through multiple mechanisms: `scanoss.json` files, command-line flags, and environment variables.
- [Dependency Scanning & Call Chain Attribution](https://docs.scanoss.com/en/latest/cli/crypto-finder/dependency-scanning.md): This document explains how crypto-finder discovers cryptographic usage in project dependencies and traces it back to user code through call graph analysis.
- [Docker Usage](https://docs.scanoss.com/en/latest/cli/crypto-finder/docker-usage.md): Crypto Finder provides official Docker images for containerised scanning workflows.
- [Installation](https://docs.scanoss.com/en/latest/cli/crypto-finder/installation.md): Get started with SCANOSS Crypto Finder. Choose from Docker, package managers, or build from source.
- [Output Formats](https://docs.scanoss.com/en/latest/cli/crypto-finder/output-formats.md): Crypto Finder supports two output formats for scan results.
- [Overview](https://docs.scanoss.com/en/latest/cli/crypto-finder/overview.md): [Crypto Finder](https://github.com/scanoss/crypto-finder) is a CLI tool for detecting cryptographic algorithm usage in source code repositories. Crypto Finder scans codebases using multiple scanning engines and outputs results in standardised formats including JSON and CycloneDX.
- [Quick Start](https://docs.scanoss.com/en/latest/cli/crypto-finder/quick-start.md): Get started with Crypto Finder in minutes. This guide walks you through your first cryptographic scan.
- [Remote Rulesets](https://docs.scanoss.com/en/latest/cli/crypto-finder/remote-rulesets.md): Crypto Finder can automatically fetch curated rulesets from the SCANOSS  API, providing up-to-date cryptographic detection rules without requiring manual  management.
- [Commands & Arguments](https://docs.scanoss.com/en/latest/cli/scanoss-js/commands-and-arguments.md): Complete reference for all SCANOSS-JS CLI commands and their arguments.
- [Installation](https://docs.scanoss.com/en/latest/cli/scanoss-js/installation.md): A Node.js module and CLI for interacting with SCANOSS APIs and Engine. Scan your codebase for open-source components, dependencies, and licence compliance.
- [Scanning and Fingerprinting Examples](https://docs.scanoss.com/en/latest/cli/scanoss-js/scanning-and-fingerprinting-examples.md): Practical CLI examples for scanning, dependency detection, cryptography detection, and fingerprint generation using scanoss-js.
- [Advanced Use](https://docs.scanoss.com/en/latest/cli/scanoss-py/advanced-use.md): Advanced features and configurations for power users, including settings files, HPSM, multi-threading, and obfuscation.
- [Commands & Arguments](https://docs.scanoss.com/en/latest/cli/scanoss-py/commands-and-arguments.md): Complete reference for all SCANOSS-PY CLI commands, subcommands and their arguments.
- [Converting Results](https://docs.scanoss.com/en/latest/cli/scanoss-py/converting-results.md): Transform SCANOSS scan results between different formats, including CycloneDX, SPDX Lite, and CSV.
- [Installation](https://docs.scanoss.com/en/latest/cli/scanoss-py/installation.md): A Python library and CLI tool for Software Composition Analysis. Scan your codebase for open-source components, dependencies, and licence compliance.
- [Output Formats](https://docs.scanoss.com/en/latest/cli/scanoss-py/output-formats.md): SCANOSS-PY outputs scan results in multiple industry-standard formats, including CycloneDX, SPDX Lite, CSV, and the default JSON format.
- [Proxy and Certificate Options](https://docs.scanoss.com/en/latest/cli/scanoss-py/proxy-and-certificate-options.md): Configure HTTP/HTTPS proxies, PAC (Proxy Auto-Config), custom SSL certificates, and reverse proxy with API key injection for corporate networks and secure environments.
- [Scanning Your Project](https://docs.scanoss.com/en/latest/cli/scanoss-py/scanning-your-project.md): Scan your code for open-source components, licences, vulnerabilities, and dependencies using SCANOSS.
- [Using Docker](https://docs.scanoss.com/en/latest/cli/scanoss-py/using-docker.md): Run the SCANOSS Python CLI in isolated Docker containers using the official image from GitHub Container Registry.
- [SCANOSS-CC](https://docs.scanoss.com/en/latest/clients/code-compare.md): [SCANOSS Code Compare](https://github.com/scanoss/scanoss.cc) is a  desktop application for visual code comparison and open-source component  identification. It enables developers to review and manage licence findings  through a keyboard-driven interface with persistent decision management.
- [Component Search](https://docs.scanoss.com/en/latest/clients/workbench/api-services/component-search.md)
- [Crypto](https://docs.scanoss.com/en/latest/clients/workbench/api-services/crypto.md)
- [Dependencies](https://docs.scanoss.com/en/latest/clients/workbench/api-services/dependencies.md)
- [Raw Output](https://docs.scanoss.com/en/latest/clients/workbench/api-services/raw-output.md)
- [Vulnerabilities](https://docs.scanoss.com/en/latest/clients/workbench/api-services/vulnerabilities.md)
- [Installation & Quick Start](https://docs.scanoss.com/en/latest/clients/workbench/installation-quick-start.md): Get started with SBOM Workbench — installation, initial configuration, and creating your first project.
- [Metadata and Project Export / Import](https://docs.scanoss.com/en/latest/clients/workbench/metadata-export-import.md): Guide to exporting SBOMs in various formats and importing projects in SBOM Workbench.
- [Project, Scanning, Auditing and Reporting](https://docs.scanoss.com/en/latest/clients/workbench/project-scanning-auditing-reporting.md): Guide to understanding scan results, auditing components, and generating reports in SBOM Workbench.
- [Vulnerability and Crypto Scanning](https://docs.scanoss.com/en/latest/clients/workbench/vulnerability-crypto-scanning.md): Guide to identifying, analysing, and managing vulnerabilities and cryptographic algorithms in SBOM Workbench.
- [Certificate Management](https://docs.scanoss.com/en/latest/configuration/certificate-management.md): Configure HTTPS and TLS certificates for your Caddy proxy, including automatic certificates, self-signed certificates, and custom certificate files.
- [Proxy Configuration](https://docs.scanoss.com/en/latest/configuration/proxy-configuration.md): Set up a Caddy reverse proxy to centrally manage your SCANOSS API key and control outbound traffic across your organisation.
- [Command Parameters & Flags](https://docs.scanoss.com/en/latest/core/engine/command-parameters-flags.md): Complete reference for all SCANOSS Engine CLI parameters, flags, and environment variables used to configure and control scan behaviour.
- [Scanning a File or Directory](https://docs.scanoss.com/en/latest/core/engine/scanning-file-or-directory.md): Learn how to use the <a href='https://github.com/scanoss/engine' target='_blank' rel='noopener noreferrer'>SCANOSS Engine</a> to scan a file or directory against the SCANOSS Knowledgebase and interpret the identification results.
- [SCANOSS LDB](https://docs.scanoss.com/en/latest/core/scanoss-ldb.md): An overview of the <a href='https://github.com/scanoss/ldb' target='_blank' rel='noopener noreferrer'>LDB (Linked-list Database)</a>, the headless, read-optimised database engine at the core of the SCANOSS platform, designed for single-key lookups across vast amounts of open source data.
- [Components Overview](https://docs.scanoss.com/en/latest/getting-started/components-overview.md): An overview of the core components that make up the SCANOSS platform, including the Engine, LDB, Python CLI, and SBOM Workbench.
- [Declaring Components](https://docs.scanoss.com/en/latest/getting-started/declaring-components.md): SCANOSS provides a settings file to customise the scanning process.
- [Understanding Scan Results](https://docs.scanoss.com/en/latest/getting-started/understanding-scan-results.md): Scan results are saved to `results.json` by default.
- [Cloud Deployment](https://docs.scanoss.com/en/latest/installation/cloud-deployment.md): SCANOSS offers two managed cloud deployment models: **Dedicated SaaS** and **Shared SaaS**. Both are fully operated by SCANOSS and hosted in European data centres, providing strong data protection and regulatory compliance.
- [API Configuration](https://docs.scanoss.com/en/latest/installation/on-prem/configuration/api-configuration.md): Configure the SCANOSS API service using the application configuration file.
- [API Service Management](https://docs.scanoss.com/en/latest/installation/on-prem/configuration/api-service-management.md): Start, stop, and check the status of the SCANOSS API service.
- [Downloading the SCANOSS Knowledge Base](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/downloading-knowledge-base.md): Instructions for obtaining and configuring the SCANOSS Knowledge Base for on-premise deployments.
- [Hardware Requirements](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/hardware-requirements.md): Recommended hardware specifications for running SCANOSS on-premise.
- [Install Applications](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/install-applications.md): Install SCANOSS system dependencies and applications using the `install-scanoss.sh` script.
- [Install Knowledge Base](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/install-knowledge-base.md): Download and install the SCANOSS Knowledge Base or Test KB using the `kb-download.sh` script.
- [API Installation](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/installing-from-sources/api-installation.md): This section provides instructions for deploying the [SCANOSS Go API](https://github.com/scanoss/api.go).
- [Encoder Library Installation](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/installing-from-sources/encoder-library-installation.md): Complete the Engine installation by adding the `libscanoss_encoder` library to `/usr/lib/`.
- [Engine Installation](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/installing-from-sources/engine-installation.md): The [SCANOSS Engine](https://github.com/scanoss/engine) is a  command-line tool used to scan files or directories and identify open-source  components by comparing them against the SCANOSS knowledge base.
- [LDB Installation](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/installing-from-sources/ldb-installation.md): The [LDB](https://github.com/scanoss/ldb) is the underlying database engine for the Knowledge Base (KB) and is required for the [SCANOSS Engine](https://github.com/scanoss/engine) to run.
- [Prepare the Environment](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/prepare-environment.md): Clone the on-premise repository and configure script permissions before running the SCANOSS installation.
- [KB Test](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/validating-setup/kb-test.md): Step-by-step guide to validate the [SCANOSS Engine](https://github.com/scanoss/engine) and Knowledge Base ([LDB](https://github.com/scanoss/ldb)) in an on-premises installation.
- [Scanning Against the LDB Knowledge Base](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/validating-setup/scanning-ldb.md): Examples and instructions for scanning files and components against the SCANOSS LDB (Local Database) Knowledge Base.
- [Verify Installation](https://docs.scanoss.com/en/latest/installation/on-prem/deployment-guide/verify-installation.md): Verify that all SCANOSS components are functioning correctly after installation.
- [KB Update Guide](https://docs.scanoss.com/en/latest/installation/on-prem/kb-update-guide.md): Step-by-step instructions for downloading and updating the SCANOSS  on-premise Knowledge Base (KB) via SFTP. Access credentials will be provided by email.
- [KB Docker Example](https://docs.scanoss.com/en/latest/installation/on-prem/local-kb-docker-example.md): How to build and test a local SCANOSS Knowledge Base using Docker, covering file matching and snippet matching.
- [Overview](https://docs.scanoss.com/en/latest/installation/on-prem/overview.md): This document provides a step-by-step guide for installing SCANOSS in an on-premises environment.
- [Azure DevOps](https://docs.scanoss.com/en/latest/integrations/azure-devops.md): Integrate SCANOSS into your development workflow via Azure Pipelines.
- [Dependency-Track](https://docs.scanoss.com/en/latest/integrations/dependency-track.md): Dependency-Track and its integration with SCANOSS for continuous vulnerability monitoring and policy enforcement.
- [GitHub Actions](https://docs.scanoss.com/en/latest/integrations/github-actions.md): Integrate [SCANOSS](https://github.com/scanoss/gha-code-scan) into your CI/CD  pipeline via GitHub Actions for automated code scanning and licence compliance.
- [GitLab](https://docs.scanoss.com/en/latest/integrations/gitlab.md): Leverage <a href="https://gitlab.com/scanoss/glc-code-scan" target="_blank">SCANOSS</a> in different development scenarios via GitLab CI/CD.
- [Jenkins](https://docs.scanoss.com/en/latest/integrations/jenkins.md): Use <a href="https://github.com/scanoss/integration-jenkins" target="_blank">SCANOSS</a> in different development scenarios via Jenkins Pipelines.
- [OSS Review Toolkit (ORT)](https://docs.scanoss.com/en/latest/integrations/oss-review-toolkit.md): The [OSS Review Toolkit (ORT)](https://github.com/oss-review-toolkit/ort) is an enterprise-grade FOSS policy automation and orchestration toolkit.
- [Pre-Commit Hooks](https://docs.scanoss.com/en/latest/integrations/pre-commit-hooks.md): Automatically scan your staged files for undeclared open-source components before each commit using SCANOSS pre-commit hooks.
- [SonarQube](https://docs.scanoss.com/en/latest/integrations/sonarqube.md): Integrate SCANOSS into your SonarQube analysis pipeline using the <a href="https://github.com/scanoss/scanoss-sonar-plugin" target="_blank">SCANOSS SonarQube Plugin</a>.
- [Initial API Configuration](https://docs.scanoss.com/en/latest/introduction/initial-api-configuration.md): SCANOSS tools function without additional configuration and do not require an API key. However, an API key enables access to additional API features.
- [Platform Architecture Overview](https://docs.scanoss.com/en/latest/introduction/platform-architecture-overview.md): Overview of SCANOSS platform architecture, highlighting secure local  scanning, open-source knowledge management, and flexible deployment for reliable  software composition analysis.
- [Cryptography Detection](https://docs.scanoss.com/en/latest/introduction/use-cases/crypto-detection.md): How SCANOSS identifies and analyses cryptographic algorithms in software for security, compliance, and regulatory purposes.
- [Open Source in AI-Generated Code](https://docs.scanoss.com/en/latest/introduction/use-cases/oss-in-ai-gen-code.md): The rapid adoption of AI in software development has changed how code is written, introducing significant challenges around code transparency, licence compliance, and intellectual property risk.
- [OSS Licence Compliance](https://docs.scanoss.com/en/latest/introduction/use-cases/oss-license-compliance.md): How SCANOSS helps organisations identify, track, and manage open source licence obligations within their codebases.
- [What is SCANOSS?](https://docs.scanoss.com/en/latest/introduction/what-is-scanoss.md): SCANOSS is an open-source **software risk intelligence** platform that analyses source code to identify **declared and undeclared open-source usage**. It generates accurate, standards-based SBOMs and provides structured insight into software composition, licensing, and security through a command-lin…
- [Advanced Analysis](https://docs.scanoss.com/en/latest/poc/advanced-analysis.md): This guide walks you through extending your SCANOSS analysis with cryptography and security scanning. You'll learn how to detect cryptographic algorithms, identify vulnerabilities and generate comprehensive reports.
- [API Overview](https://docs.scanoss.com/en/latest/poc/apis/api-overview.md): Introduction to the SCANOSS API for software composition analysis, dependency information, vulnerability detection, and cryptography intelligence.
- [Component Search API](https://docs.scanoss.com/en/latest/poc/apis/component-search-api.md): Search components and retrieve versions, metadata, code statistics, and lifecycle status.
- [Dependencies API](https://docs.scanoss.com/en/latest/poc/apis/dependencies-api.md): Provides dependency analysis for software components, including direct and transitive dependency resolution.
- [Cryptography API](https://docs.scanoss.com/en/latest/poc/apis/encryption-api.md): Analyse cryptographic algorithms, usage hints and version coverage for software components.
- [Geoprovenance API](https://docs.scanoss.com/en/latest/poc/apis/geoprovenance-api.md): Retrieve geographical provenance of software components using contributor locations, commit timing patterns, and development activity.
- [License API](https://docs.scanoss.com/en/latest/poc/apis/license-api.md): Retrieve license information for software components, including SPDX details and approval status.
- [Scanning API](https://docs.scanoss.com/en/latest/poc/apis/scanning-api.md): Provides high-precision scanning of folder structures to identify software components based on project hierarchy, file names, and content patterns.
- [Semgrep API](https://docs.scanoss.com/en/latest/poc/apis/semgrep-api.md): Detect security, quality, and compliance issues in software components using Semgrep static analysis.
- [Vulnerability API](https://docs.scanoss.com/en/latest/poc/apis/vulnerability-api.md): Provides vulnerability data for software components, including CPE identifiers and known vulnerabilities (CVEs).
- [CI/CD Integration](https://docs.scanoss.com/en/latest/poc/cicd-integration.md): This guide walks you through integrating SCANOSS into your CI/CD pipeline. You'll learn how to automate scans, configure compliance policies and generate SBOMs as part of your continuous integration workflow.
- [Continuous Monitoring](https://docs.scanoss.com/en/latest/poc/continuous-monitoring.md): This guide walks you through establishing ongoing monitoring and compliance for your open source dependencies.
- [Desktop Integration](https://docs.scanoss.com/en/latest/poc/desktop-integration.md): This guide walks you through setting up SCANOSS on your local development machine. You'll learn how to scan your code, review findings, declare components and establish automated pre-commit checks.
- [Encryption Dataset](https://docs.scanoss.com/en/latest/poc/encryption-dataset/overview.md): The Encryption Dataset provides tools for identifying and analysing cryptographic algorithms used in your codebase. Choose your approach based on your specific needs.
- [SBOM Workbench](https://docs.scanoss.com/en/latest/poc/encryption-dataset/sbom-workbench.md): Guide to identifying, analysing, and managing cryptographic algorithms in your source code using [SBOM Workbench](https://github.com/scanoss/sbom-workbench).
- [SCANOSS API](https://docs.scanoss.com/en/latest/poc/encryption-dataset/scanoss-api.md): Provides cryptographic intelligence for software components including algorithm detection, encryption hints and cryptographic assessment across version ranges.
- [SCANOSS-PY](https://docs.scanoss.com/en/latest/poc/encryption-dataset/scanoss-py.md): Detect and analyse cryptographic algorithms used in open source components with [SCANOSS Python CLI](https://github.com/scanoss/scanoss.py).
- [Getting Started](https://docs.scanoss.com/en/latest/poc/getting-started.md): This page helps you quickly navigate to the right resources based on what you want to accomplish.
- [Mermaid diagrams](https://docs.scanoss.com/en/latest/poc/images/mermaid-diagrams.md)
- [Introduction](https://docs.scanoss.com/en/latest/poc/introduction.md): This documentation provides practical guidance for evaluating SCANOSS capabilities through proof-of-concept implementations. It covers hands-on testing scenarios across the SCANOSS core datasets: license compliance, cryptography detection and security vulnerabilities.
- [License Dataset](https://docs.scanoss.com/en/latest/poc/license-dataset/overview.md): Component identification and license compliance tools.
- [Product Context Dependency](https://docs.scanoss.com/en/latest/poc/license-dataset/product-context-dependency.md): Control where and how packages are used in your codebase with context aware rules and path restrictions.
- [GitHub Actions](https://docs.scanoss.com/en/latest/poc/license-dataset/sbom-creation/github-actions.md): Automatically scan code, generate SBOMs and enforce compliance policies in your CI/CD pipeline with SCANOSS.
- [SCANOSS SBOM Workbench](https://docs.scanoss.com/en/latest/poc/license-dataset/sbom-creation/sbom-workbench.md): Desktop application for comprehensive SBOM management with an intuitive graphical interface. Scan, analyze, and export SBOMs in multiple industry standard formats.
- [SCANOSS-JS](https://docs.scanoss.com/en/latest/poc/license-dataset/sbom-creation/scanoss-js.md): Saving scan results using [SCANOSS-JS](https://github.com/scanoss/scanoss.js).
- [SCANOSS-PY](https://docs.scanoss.com/en/latest/poc/license-dataset/sbom-creation/scanoss-py.md): Generate SBOMs in multiple industry standard formats using [SCANOSS-PY](https://github.com/scanoss/scanoss.py).
- [SCANOSS Settings](https://docs.scanoss.com/en/latest/poc/license-dataset/scanoss-settings.md): SCANOSS provides a settings file to customise the scanning process.
- [GitHub Actions](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/github-actions.md): Automate software composition analysis in your CI/CD pipeline with the SCANOSS GitHub Action.
- [Pre-Commit Hooks](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/pre-commit-hooks.md): Automatically scan your code before commits with [SCANOSS pre-commit hooks](https://github.com/scanoss/pre-commit-hooks), ensuring transparency and compliance are built directly into your workflow.
- [SCANOSS-CC](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/scanoss-cc.md): [SCANOSS Code Compare](https://github.com/scanoss/scanoss.cc) is a lightweight desktop application for visual code comparison and component identification. It helps developers manage open source findings through an intuitive interface with keyboard shortcuts, persistent decision management and compr…
- [SCANOSS-JS](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/scanoss-js.md): A comprehensive JavaScript library and CLI tool for Software Composition Analysis. Scan your code for open source components, dependencies and license compliance.
- [SCANOSS-PY](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/scanoss-py.md): A comprehensive Python library and CLI tool for Software Composition Analysis. CLI tool for Software Composition Analysis. Scan your code for open source components, dependencies and license compliance.
- [Snippet Match Percentage](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/snippet-match-percentage.md): Snippets are short pieces of code that might come from different public sources such as GitHub, GitLab or Stack Overflow. The snippet match percentage is a key metric in Software Composition Analysis (SCA) that indicates how much of your scanned file matches known open source code in the knowledge b…
- [Snippet Tuning Guide](https://docs.scanoss.com/en/latest/poc/license-dataset/snippet-detection/snippet-tuning-guide.md): Learn how to use snippet matching tuning parameters effectively to reduce false positives, improve match accuracy and customise SCANOSS scanning behavior for your codebase.
- [Dependency-Track](https://docs.scanoss.com/en/latest/poc/process-integrations/dependency-track.md): Dependency-Track and its integration with SCANOSS for continuous vulnerability monitoring and policy enforcement.
- [GitHub Actions](https://docs.scanoss.com/en/latest/poc/process-integrations/github-actions.md): Leverage [SCANOSS](https://github.com/scanoss/gha-code-scan) in different development scenarios via GitHub Actions.
- [OSS Review Toolkit (ORT)](https://docs.scanoss.com/en/latest/poc/process-integrations/oss-review-toolkit.md): The [OSS Review Toolkit (ORT)](https://github.com/oss-review-toolkit/ort) is an enterprise-grade FOSS policy automation and orchestration toolkit.
- [Process & Integrations](https://docs.scanoss.com/en/latest/poc/process-integrations/overview.md): Process & Integrations provides tools for automating scanning and monitoring in your CI/CD pipeline. Choose your integration based on your specific needs.
- [Proxy Pass Configuration](https://docs.scanoss.com/en/latest/poc/process-integrations/proxy-configuration.md): A proxy is a server that acts as an intermediary between your application and another server. Think of it like a translator or messenger.
- [Security Dataset](https://docs.scanoss.com/en/latest/poc/security-dataset/overview.md): The Security Dataset provides tools for identifying vulnerabilities and CVEs in your components. Choose your approach based on your specific needs.
- [SBOM Workbench](https://docs.scanoss.com/en/latest/poc/security-dataset/sbom-workbench.md): The [SBOM Workbench](https://github.com/scanoss/sbom-workbench) is a graphical user interface to scan and audit source code using the SCANOSS API.
- [SCANOSS API](https://docs.scanoss.com/en/latest/poc/security-dataset/scanoss-api.md): Provides vulnerability intelligence for software components including CPE enumeration and vulnerability analysis.
- [SCANOSS-PY](https://docs.scanoss.com/en/latest/poc/security-dataset/scanoss-py.md): Detect and analyse security vulnerabilities in open source components with the [SCANOSS Python CLI](https://github.com/scanoss/scanoss.py).
- [SBOM Workbench Workflow](https://docs.scanoss.com/en/latest/poc/workflows/sbom-workbench-workflow.md): Comprehensive guide for scanning, auditing and managing Software Bills of Materials using SBOM Workbench.
- [Changelog / Version History](https://docs.scanoss.com/en/latest/release-notes/changelog-version-history.md): SCANOSS is a modular platform distributed across several independent repositories on GitHub.
- [References and External Docs](https://docs.scanoss.com/en/latest/release-notes/references-external-docs.md): This page collects the key external standards, specifications, tools,  and resources that SCANOSS builds on, integrates with, or references throughout  its documentation.
- [Authentication](https://docs.scanoss.com/en/latest/sdks/java/authentication.md): How to authenticate the SCANOSS Java SDK with an API key and configure a custom API endpoint.
- [Overview](https://docs.scanoss.com/en/latest/sdks/java/overview.md): The <a href='https://github.com/scanoss/scanoss.java' target='_blank' rel='noopener noreferrer'>SCANOSS Java SDK</a> provides a Java library for interacting with the SCANOSS API and scanning engine directly from your Java projects.
- [Usage](https://docs.scanoss.com/en/latest/sdks/java/usage.md): The `scanoss` Java package can be imported and used directly in your own Java projects via the `com.scanoss` package.
- [Authentication](https://docs.scanoss.com/en/latest/sdks/javascript/authentication.md): How to authenticate the SCANOSS JavaScript SDK with an API key and configure custom API endpoints.
- [Overview](https://docs.scanoss.com/en/latest/sdks/javascript/overview.md): The <a href='https://github.com/scanoss/scanoss.js' target='_blank' rel='noopener noreferrer'>SCANOSS JS</a> SDK provides a JavaScript module for interacting with the SCANOSS API and scanning engine directly from your JavaScript projects.
- [Usage](https://docs.scanoss.com/en/latest/sdks/javascript/usage.md): The `scanoss` package can be imported directly into JavaScript and TypeScript projects from `scanoss`.
- [Authentication](https://docs.scanoss.com/en/latest/sdks/python/authentication.md): How to authenticate the scanoss.py Python SDK with an API key and configure a custom API endpoint.
- [Overview](https://docs.scanoss.com/en/latest/sdks/python/overview.md): The SCANOSS Python SDK is a library for integrating with the SCANOSS API and scanning engine from Python scripts and applications.
- [Usage](https://docs.scanoss.com/en/latest/sdks/python/usage.md): The `scanoss` package can be imported directly into your own Python projects and scripts via `scanoss.scanner`.
- [Support & Contribution](https://docs.scanoss.com/en/latest/support-and-contribution.md): Get help with SCANOSS tools, request features, contribute to tools, and give back to the community.
- [Troubleshooting & FAQs](https://docs.scanoss.com/en/latest/troubleshooting-and-faqs.md): Answers to common questions and troubleshooting guidance for SCANOSS tools, integrations, and APIs.
- [Github](https://docs.scanoss.com/link/github.md)
- [Software](https://docs.scanoss.com/link/software.md)
- [Web](https://docs.scanoss.com/link/web.md)
- [Youtube](https://docs.scanoss.com/link/youtube.md)

## OpenAPI Specs

- [vulnerabilities-openapi](https://docs.scanoss.com/api-reference/vulnerabilities-openapi.json)
- [semgrep-openapi](https://docs.scanoss.com/api-reference/semgrep-openapi.json)
- [scanning-openapi](https://docs.scanoss.com/api-reference/scanning-openapi.json)
- [licenses-openapi](https://docs.scanoss.com/api-reference/licenses-openapi.json)
- [geoprovenance-openapi](https://docs.scanoss.com/api-reference/geoprovenance-openapi.json)
- [dependencies-openapi](https://docs.scanoss.com/api-reference/dependencies-openapi.json)
- [cryptography-openapi](https://docs.scanoss.com/api-reference/cryptography-openapi.json)
- [components-openapi](https://docs.scanoss.com/api-reference/components-openapi.json)