scanoss.app is the SCANOSS GitHub Marketplace app. It reports the presence of known Open Source software in your code that is not declared in your oss_assets.json file. It helps developers and organisations stay on top of Open Source compliance, because their source code is scanned continuously, after every code push.
Once installed in a GitHub repository, when a developer pushes code, scanoss.app performs a scan. It also performs an initial scan of the entire repository with the first commit to the repository. The results of the initial scan are shown in an issue.
Every commit scan produces two outputs:
- First, scanoss.app creates a comment in the commit with the results of the scan. The scope of a commit scan is the files in the commit.
- Second, it sets the build status to failure if the scan finds OSS that is not declared in oss_assets.json. Otherwise, it sets the build status to success.
Once you have analysed the scan results, you can declare the OSS components that you are using in an oss_assets.json file. You can look at the specification document for examples.
The Setup page allows you to configure your plan as well as perform rescans of your repositories. You will access this page as part of your purchase. The URL is: https://app.scanoss.co.uk/setup/welcome.
Initial scan results example
Commit scan results example