Overview

Complete SCANOSS Guide

Follow this guide to evaluate all SCANOSS capabilities for your organisation.

Desktop Integration

Start by testing SCANOSS locally on your development machine:
  1. Install SCANOSS-PY and SCANOSS-CC
  2. Navigate to your project directory
  3. Run a scan with SCANOSS-PY or SCANOSS-CC
  4. Declare components using SCANOSS-CC or SCANOSS Settings
  5. Set up Pre-Commit Hooks
  6. Test pre-commit by making a commit

CI/CD Integration

Automate scanning in your CI/CD pipeline:
  1. Set up a GitHub Actions workflow
  2. Configure API secrets
  3. Set trigger events (push, pull requests)
  4. Define compliance policies
  5. Review scan results
  6. Download SBOMs from workflow artifacts

Advanced Analysis

Extend your analysis with cryptography and security scanning:
  1. Run a cryptography scan to detect algorithms
  2. Review detected cryptographic implementations
  3. Run a vulnerability scan to identify CVEs
  4. Assess risk levels for detected vulnerabilities
  5. Export comprehensive reports using SBOM Workbench

Continuous Monitoring

Establish ongoing monitoring and compliance:
  1. Integrate with Dependency Track for continuous monitoring
  2. Track vulnerabilities and components over time
  3. Set up ORT Integration for compliance automation
  4. Define policy rules for your organization
  5. Generate compliance reports automatically
  6. Monitor alerts and prioritize remediation

Explore by Section