Analyzes your source code
on the spot, fast and secure
Cryptographic fingerprints are obtained from your source code and sent to the public OSS Knowledgebase API for comparison.
This means that your code is analyzed on the spot, without ever leaving your computer. Audit Workbench requires no user authentication and our servers are 100% stateless, which means your analysis is performed in an absolute anonymous fashion.
Audit your source code in no time!
Using the latest UX practices & technologies, you can enjoy an agile and modern user interface that will allow you to thoroughly audit your source code in no time at all. You can easily spot even small code fragments that have been "borrowed" from websites or Open Source projects.
You can easily spot even small code fragments that have been "borrowed" from websites or Open Source projects.
Empower developers to confidently produce compliant code, while providing greater usage and licence visibility to the broader DevOps-team.
No proprietary algorithms, closed binaries or corporate source code.
‘Start left’ in the development lifecycle by performing continuous validations instead of waiting on one final audit at the end.
Shouldn’t all SCA tooling used to scan for Open Source code actually be Open Source themselves?
Open Inventorying Engine
To analyze & compare Open Source Code snippets, filers or Winnowing fingerprints.
Continuously generate an open Software Bill of Materials. Store your SBOM in SPDX or CycloneDX.
Open Indexing Algorithm
Using an open algorithm called ‘winnowing’ to store OSS files, snippets & code.
Open RESTful API
Client side applications and middleware can leverage this API to interact with the SCANOSS Engine.
Open Database Engine
Your query performance is critical. Our Knowledge Base has already passed 2 trillion fingerprints.
Open Webhooks & CLI
Trigger secure source code analysis with every git push using webhooks or embed it into your CI/CD pipelines using the CLI.
- 100% Open architecture allows for easy integrations
- Native support for most DevOps toolchains
- Integrate with existing SCA tooling without overlap (e.g. SPDX)
- Open data architecture allows for comparable results
SCA is Broken.
Let’s fix it.
It’s time to reinvent Software Composition Analysis (SCA) with an Open Source inventorying platform aimed at modern DevOps environments.Download the eBook