SCANOSS Workbench v1.19.0 is live 🚀. ✅ RAW results import (viewer mode).✅ Import w/ source for side-by-side review.✅ CycloneDX + SPDX Lite exports. Details →

If you're mapping out your #OSSummit week—make room for this. Matias D’Aloia (SCANOSS) is bringing real crypto detection to the stage. Why? Because post-quantum risk starts with knowing what your OSS is doing. 🧾 Details in flyer.🔗

Introducing Grok Imagine.

Banks must now:.- Map all cryptographic usage.- Monitor third-party encryption.- Prepare for post-quantum migration.Regulations like DORA and guidance from the NCSC require clear action. This blog explains what financial institutions need to do now.

Today at OSS Europe!. If you're in Amsterdam, swing by Elicium 2B at 16:30 to hear Matias D’Aloia explain how SCANOSS detects cryptographic functions across open source codebases at scale. 🔗

1 week to #OSSummit Europe!. Join SCANOSS’s Matias Daloia on Mon, Aug 25 at 16:30 (Room G106) for:. 🔐 Know Your Crypto: Standardising + detecting crypto algorithms the open source way. Don’t miss it →

SBOM Workbench v1.19 is out. New toys:.• Import RAW results directly.• Bring in projects with source.• CycloneDX output plays nicer with Dependency Track. Grab it:

Declared dependencies ≠ full visibility. Most risks hide in reused code, stripped of metadata and licensing. SCANOSS detects these at the snippet level — and helps generate complete, verifiable SBOMs. Read the whitepaper →

Governance is more than SBOM generation. It’s about traceability, auditability, and real-time integration into CI/CD. SCANOSS supports all three. Read the full whitepaper →

You also need to know who wrote the code and where — contributor origin is becoming a compliance concern under export controls.

Legacy tools can’t catch that. SCANOSS scans at the snippet level, detecting reused or stripped-down code across massive codebases.

The problem isn’t just what’s declared — it’s what isn’t. Undeclared open source code (copied, modified, unreferenced) can introduce licensing and security liabilities without warning.

SBOMs have become a requirement — but they still miss the most important risks in the supply chain. Here's what the new SCANOSS whitepaper uncovers 👇.

Most software includes crypto. Most orgs don’t know what or where. That’s the problem. We’ll talk solutions at #OSSummit Europe:.SPDX. Open datasets. Real transparency. 🎤 Mon 25 Aug | 16:30 | Elicium 2B.

We’re speaking at #OSSummit Europe!. Talk: Know Your Crypto.📅 Mon 25 Aug | 🕓 16:30 CEST.📍 Elicium 2B. From SPDX to open datasets, SCANOSS will share how to make crypto transparency real. Don’t miss it →

Forget clean syntax. AI doesn’t want your pretty code. Our CTO built an entire Swift app without seeing a line of Swift. What he found? A glimpse into a post-human programming model. New post:

“Software isn’t manufactured. It’s composed.”. And that’s where traditional SCRM breaks down. New blog: how to rethink software supply chain risk. →

What’s the weakest link in your software supply chain?. SCRM isn’t just about inventories. It’s about evidence. Read why SBOMs need validation — and how real supply chain risk starts at the code level. Blog:

SBOMs show what’s declared. SCRM asks: can you prove it?. Modern software is assembled, copied, even AI-generated. Verification, not assumption, is the real risk control.

What’s the weakest link in your software supply chain?.

No vendor lock-in. No black-box audits. Just open, auditable, continuous compliance. Read the whitepaper →