Membership Updates - SCANOSS joins

Let’s welcome our new member SCANOSS.

As many of you would already know SCANOSS provides open OSS Inventory & Intelligence for DevSecOps (https://www.scanoss.com/) and Software Composition Analysis plays in the Trust goals in GGI. Good conversations ahead!

This was announced on our different channels and updated on the web site, feel free to share.

1 Like

Thanks Fred for the announcement, and welcome to the OSPO Alliance, ScanOSS!

Thanks for the warm welcome. We are delighted to be part of the OSPO Alliance.

SCANOSS is a data company in the SCA market. Our main product is our SCANOSS KB (Knowledge Base) about open source software, licenses, algorithms, etc. To create it, enrich it and maintain it, we use open source and create software that we publish under permissive licenses. With our software, anyone can create their own knowledge base, just like we did. You can find the software here: SCANOSS · GitHub

In the data space, we have created OSSKB (Open Source Software Knowledge Base), focused on license compliance, widely accessible for free (gratis) to anyone interested, including tools, through the Software Transparency Foundation. Access to OSSKB here: https://osskb.org/

Additionally, SCANOSS is taking steps in the open data space by publishing and maintaining two data sets so far:

  • The purl2cpe project is a dataset that contains relations between CPEs (Common Product Enumerator) and PURLs (Package URL).
  • Crypto_algorithms_open_dataset is a data set that includes a list of cryptography algorithms with an open source implementation. Originally it was the output of SCANOSS mining efforts across its entire SCANOSS KB, which includes all relevant open source software published. Today, the intention is to turn it into a collaborative project to enrich and maintain this data set, for a variety of use cases like export control, quantum safe or compliance with different regulations.
4 Likes

Welcome to you and the SCANOSS team!
Security, resilience are big topics and its good to have your views on the SCA market and organisation level of matutiry or focus here.
SCA is part of GGI Trust goal … your inights on refining or further developing this (and other goals) are very welcome !!