Perform a Software Composition Analysis scan
Use DigiCert® Software Trust Manager Threat detection powered by FOSSA to scan your software for malware, vulnerabilities, secrets, and more before releasing your software to the public.
Note
Add app.fossa.com to your approved list to prevent your firewall or proxy from blocking calls to FOSSA's cloud.
Prerequisites
Software Trust Manager client tools (version 1.39.0 or higher)
Check out the source code repository before running the scan
Install FOSSA
To install FOSSA:
Create a project
Create a project to store all your related software scans, such as different versions of the same software. The software project will be referred to by a descriptive name and an alias to allow for easy reference.
You can create a project in Software Trust Manager or SMCTL:
Scan with Software Composition Analysis
To scan source code with FOSSA, use the command:
smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>
Command sample:
smctl scan fossa-scan --input app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1
Astuce
Refer to errors and solutions if you encounter an error.
View scan results
To view your software scan results:
Sign in to DigiCert ONE.
Navigate to Manager menu icon (top right).
Select Software Trust.
Navigate to Threat detection.
Click on the scan alias.