Madrid, Spain — Today, Beijing SanheTrust Technology Co., Ltd. officially announces a strategic cooperation with SCANOSS, a global leader in open source software governance, to jointly promote the localised rollout of SCANOSS products and solutions in the Chinese market. This cooperation marks SCANOSS’s official entry into the Chinese market, and also means that Chinese enterprises will gain world-leading open source software composition analysis (SCA), software bill of materials (SBOM) and open source compliance governance capabilities.
Open source drives innovation; security and compliance have become necessities for enterprises
With the ongoing digital transformation, open source software has become the core foundation of enterprise R&D, widely used in key fields such as finance, intelligent manufacturing, automotive, Internet, and the public sector. However, at the same time, problems such as open source license compliance risks, security vulnerabilities, supply chain attacks, and difficulty in tracing AI-generated code have become increasingly prominent; coupled with domestic policy requirements such as the Data Security Law, Level Protection 2.0, and supply chain security reviews, enterprises have an urgent demand for a “transparent, credible, and automated” open source governance platform.
World-leading open source governance technology: core value of SCANOSS
SCANOSS is the first open source SCA platform. The SCANOSS Knowledge Base covers more than 100 billion open source files (3.9 billion unique) and 3 trillion lines of open source code, enabling accurate identification of declared and undeclared open source components, code snippet reuse, and the source of AI-generated code.
- Full open source architecture: core engine is open source for full auditability
- Accurate traceability: code snippet-level comparison to identify the risks of copy-paste and AI-generated code
- Automated SBOM: one-click generation of SPDX and CycloneDX bills of materials
- Shift-left security: natively integrated with IDE and CI/CD to catch risks early in development
- Flexible deployment: public cloud, private deployment, and localised adaptation to meet data compliance requirements
Strong alliance to build localised service capabilities in the Chinese market
As SCANOSS’s strategic partner in China, SanheTrust will be fully responsible for the market promotion, network development, sales and technical support of SCANOSS in China, including:
- Product localisation (Chinese translation), adaptation and continuous iteration
- Pre-sales consultation, POC testing and implementation delivery for Chinese customers
- 24/7 technical support, training and compliance consulting services
- Jointly developed industry solutions (finance, manufacturing, automotive, government and enterprises, etc.)
- Joint market operations: online salons, industry summits, whitepaper releases and case studies
“China is one of the most dynamic technology markets in the world, with a booming open source innovation ecosystem. We are honoured to cooperate with SanheTrust to bring SCANOSS’s open, transparent and efficient open source governance technology to Chinese enterprises, helping them strengthen their line of defence for security and compliance while innovating rapidly. SCANOSS’s technical advantage lies in accurately identifying undeclared open source components and tracing AI-generated code. We believe that cooperation with SanheTrust will enable these capabilities to better serve the software supply chain security needs of Chinese enterprises.”
Julian Coccia, CTO, SCANOSS
“Open source security and compliance are no longer choices, but must-do questions for enterprise digitalization. SCANOSS has significant advantages in technical transparency, identification accuracy and automation capabilities, and its experience in serving many well-known enterprises around the world will bring new open source governance ideas to Chinese enterprises. Taking this cooperation as the starting point, we will deepen local needs and provide Chinese customers with an integrated open source governance solution of ‘global technology + local services’, helping enterprises embrace open source safely, compliantly and efficiently.”
Dongxiaoming, CEO, Beijing SanheTrust Technology Co., Ltd.
About SCANOSS
Headquartered in Madrid, Spain, SCANOSS is a world-leading provider of open source software composition analysis (SCA) and software bill of materials (SBOM) technologies. It is committed to reshaping software supply chain security governance through open standards and open data, serving hundreds of enterprises and institutions around the world, including well-known enterprises, covering key industries such as automotive, medical, industrial, IoT, and telecommunications. Its core products have capabilities such as encryption analysis, code traceability, and security vulnerability detection, which can help enterprises fully grasp the use of open source software and avoid compliance and security risks. Official website: https://scanoss.com
About Beijing SanheTrust Technology Co., Ltd.
Beijing SanheTrust Technology Co., Ltd. is a leading provider of software security and open source governance services in China. It has been deeply rooted in the Chinese market for 8 years, serving more than 300 government, enterprise and industry customers, and has rich delivery experience and a good customer reputation in fields such as finance, manufacturing, automotive, and government and enterprises. The company focuses on fields such as software supply chain security, open source compliance governance, and data security. With a professional technical team and localised service capabilities, it provides customers with full-process security solutions. This strategic cooperation with SCANOSS will further improve the company’s capability layout in the field of software supply chain security, provide customers with end-to-end security and compliance solutions, and support the steady progress of Chinese enterprises’ digital transformation.


