Perform a Software Composition Analysis scan

Use DigiCert® Software Trust Manager Threat detection powered by FOSSA to scan your software for malware, vulnerabilities, secrets, and more before releasing your software to the public.

Note

Add app.fossa.com to your approved list to prevent your firewall or proxy from blocking calls to FOSSA's cloud.

Prerequisites

Install FOSSA

To install FOSSA:

Create a project

Create a project to store all your related software scans, such as different versions of the same software. Each project is identified by a descriptive name and an alias for easy reference.

You can create a project in Software Trust Manager or SMCTL:

Scan with Software Composition Analysis

To scan source code with FOSSA, use the command:

smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Command sample:

smctl scan fossa-scan --input app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1

Tip

Refer to errors and solutions if you encounter an error.

View scan results

To view your software scan results:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu icon (top right).

  3. Select Software Trust.

  4. Navigate to Threat detection.

  5. Click on the scan alias.

  6. Assess your threat detection results.