The first multiplatform
OSS auditing app.

Auditing your source code for license compliance has never been easier. Simply download the SCANOSS Audit Workbench and scan your source code directory to find and identify open source components. Generate your SPDX-Lite software bill of materials (SBOM) with the press of a button.

Also available on

Analyzes your source code
on the spot, fast and secure

Cryptographic fingerprints are obtained from your source code and sent to the public OSS Knowledgebase API for comparison.

This means that your code is analyzed on the spot, without ever leaving your computer. Audit Workbench requires no user authentication and our servers are 100% stateless, which means your analysis is performed in an absolute anonymous fashion.

Audit your source code in no time!

Using the latest UX practices & technologies, you can enjoy an agile and modern user interface that will allow you to thoroughly audit your source code in no time at all. You can easily spot even small code fragments that have been "borrowed" from websites or Open Source projects.

You can easily spot even small code fragments that have been "borrowed" from websites or Open Source projects.

Continuous component identification
and SBOM

Built specifically with developers in mind

Empower developers to confidently produce compliant code, while providing greater usage and licence visibility to the broader DevOps-team.

Fully configurable and 100% Open Source

No proprietary algorithms, closed binaries or corporate source code.

Architected for Speed and Development Velocity

‘Start left’ in the development lifecycle by performing continuous validations instead of waiting on one final audit at the end.

100% Open Source Platform architecture

Shouldn’t all SCA tooling used to scan for Open Source code actually be Open Source themselves?

Open Inventorying Engine

To analyze & compare Open Source Code snippets, filers or Winnowing fingerprints.

Open SBOM

Continuously generate an open Software Bill of Materials. Store your SBOM in SPDX or CycloneDX.

Open Indexing Algorithm

Using an open algorithm called ‘winnowing’ to store OSS files, snippets & code.

Open RESTful API

Client side applications and middleware can leverage this API to interact with the SCANOSS Engine.

Open Database Engine

Your query performance is critical. Our Knowledge Base has already passed 2 trillion fingerprints.

Open Webhooks & CLI

Trigger secure source code analysis with every git push using webhooks or embed it into your CI/CD pipelines using the CLI.

An ‘always on’ SBOM

A continuous snapshot of ‘live’ code. No more waiting around for an audit to finish

Continuous SBOM creation and license compliance updates
Directly actionable for any developer v.s. a small army of auditors.
Frictionless SBOM communication up & down the supply chain.

"Fully integrated into your
Development Tools
and Processes"

100% Open architecture allows for easy integrations
Native support for most DevOps toolchains
Integrate with existing SCA tooling without overlap (e.g. SPDX)
Open data architecture allows for comparable results

SCA is Broken.

Let’s fix it.

It’s time to reinvent Software Composition Analysis (SCA) with an Open Source inventorying platform aimed at modern DevOps environments.

Download the eBook

Analyzes your source code on the spot, fast and secure