A Game-Changer for DevSecOps Workflows
What’s New?
SCANOSS introduces the Code Compare feature, a new tool that integrates directly into your workflow. This tool helps developers detect hidden or risky open source code while they are coding. With a simple command, Code Compare opens a side-by-side visual comparison of your code and the matched code from open source repositories, allowing you to identify potential risks and make informed decisions. You can mark components as included, dismissed, or replaced with single keystrokes and access your previous decisions in future scans.
How It Works
Launch the feature from your terminal with the scanoss-cc command or via the application menu. Using familiar vim-style shortcuts (j/k), you can easily navigate scan results and compare identified code side-by-side with potential matches, whether snippets or exact matches. Scan results are displayed in an organised file list, allowing quicker navigation and more efficient comparison. Code Compare allows you to record decisions made during the review process.
All decisions are stored locally in a settings file, which ensures they are preserved across future scans for seamless reference. This settings file enables the Code Compare feature to flag previously reviewed components in new scans, streamlining productivity and simplifying decision management for open source findings.
Why It Matters
DevSecOps teams need speed and precision, and the SCANOSS Code Compare feature is built with that in mind.
Speed and simplicity define the SCANOSS integration into your workflow, allowing you to launch the tool instantly from your terminal using the simple scanoss-cc command. Designed for rapid decision-making during development, it offers a significantly faster alternative to the SBOM Workbench for quick checks, streamlining your workflow with ease.
Seamless pre-commit integration ensures that the Code Compare feature works effortlessly with the SCANOSS pre-commit hooks, catching open-source components before they enter your codebase. Decisions are recorded locally, and the settings file can be committed to your repository. Future commits automatically respect these decisions, eliminating repeated findings on already-reviewed code and keeping a consistent review process.
Our developer-first approach keeps your work in your local development environment, removing the need to context-switch to external tools or workbenches. Make quick decisions without disrupting your coding flow and rely on the settings file (scanoss.json) embedded in your code, enabling team collaboration.
Where to Find the Code Compare Feature
Find our tools on GitHub
Experience the SCANOSS Code Compare feature today and bring clarity, control, and compliance to your open source usage.