This is the SCANOSS GitHub marketplace app. It reports the presence of known Open Source software in your code that is not declared in your oss_assets.json file. It helps developers and organisations stay on top of Open Source compliance, because their source code is scanned continuously, after every code push.

Once installed in a GitHub repository, the app performs a scan whenever a developer pushes code. It also performs an initial scan of the entire repository with the first commit to the repository. The results of the initial scan are shown in an issue.

Every commit scan produces two outputs:

  • It creates a comment on the commit with the results of the scan. The scope of a commit scan is the files in the commit.
  • It sets the build status to failure if the scan finds OSS that is not declared in oss_assets.json. Otherwise, it sets the build status to success.

Once you have analysed the scan results, you can declare the OSS components that you are using in an oss_assets.json file. You can look at the specification document for examples.

Setup page

The Setup page allows you to configure your plan as well as perform rescans of your repositories. You will access this page as part of your purchase. The URL is:

[Screenshot: setup page - rescan]

Initial scan results example

[Screenshot: initial scan]

Commit scan results example

[Screenshot: commit scan results]