https://OpenChain-Project.github.io/OpenChain-KWG/en/tags/scanoss/Recent content in SCANOSS on OpenChain KWGHugoenhttps://OpenChain-Project.github.io/OpenChain-KWG/en/guide/tools/9-scanoss/Mon, 01 Jan 0001 00:00:00 +0000https://OpenChain-Project.github.io/OpenChain-KWG/en/guide/tools/9-scanoss/<p>SCANOSS is a Software Composition Analysis (SCA) tool that can identify open source components not only at the file level but down to the <strong>snippet (code fragment) level</strong>. It detects license and copyright information by matching against a knowledge base (OSSKB, Open Source Knowledge Base) that indexes more than 100 million files, and automatically generates SBOMs in CycloneDX and SPDX formats.</p> <ul> <li>GitHub: <a href="https://github.com/scanoss">https://github.com/scanoss</a></li> <li>Official site: <a href="https://www.scanoss.com">https://www.scanoss.com</a></li> <li>License: Apache-2.0</li> </ul> <h2 id="1-key-features">1. Key features</h2> <ul> <li><strong>Snippet-level matching</strong>: Can trace the origin even when a portion of code, rather than an entire file, has been copied or modified</li> <li><strong>Large-scale knowledge base</strong>: OSSKB indexes more than 100 million open source files — covering major package repositories and GitHub</li> <li><strong>Automatic SBOM generation</strong>: Supports CycloneDX (JSON/XML) and SPDX format output</li> <li><strong>Both CLI &amp; REST API</strong>: Provides both the <code>scanoss-py</code> (Python) CLI and a REST API, making automation integration easy</li> <li><strong>CI/CD pipeline integration</strong>: Can scan with a single command in CI environments such as GitHub Actions</li> </ul> <h2 id="2-installation">2. Installation</h2> <p>Install via pip in a Python 3.8 or later environment.</p>