SCANOSS is proud to announce a significant milestone: our attainment of ISO 27001 certification and SOC 2 Type II attestation, a testament to our dedication to data security and privacy. Our approach is clear-cut: we protect customer data by ensuring it never leaves their premises.
In the world of Software Composition Analysis, we’re not the only ones to say we don’t handle customer source code, but as an Open Source platform, SCANOSS stands apart. Anyone can verify that our system operates by analyzing and reading only irreversible fingerprints of your source code. Under no circumstances does your code leave your premises.
Anonymous by Design
Our unique Open Source platform doesn’t just claim to protect your data – it demonstrates it, empowering users to independently validate that their data never leaves their control. SCANOSS doesn’t even require usernames or passwords – nothing that could compromise data privacy. We live by our mantra of “trust is good, but proof is better”.
Streamlined Path to Certification
With no sensitive data to protect, our journey to ISO 27001 and SOC 2 Type II compliance was unusually straightforward. The absence of traditional user credentials and the exclusive reliance on code fingerprints made it simpler to validate our model and to meet stringent security and privacy standards.
SCANOSS is the first affordable, open OSS Inventory & Intelligence platform that was built specifically for modern DevSecOps and supply chains, empowering them and their supply chain partners to deliver greater license, security, quality and provenance visibility and control. By freeing developers to focus on writing great, secure and compliant code that they and their team can completely trust, applications are finished earlier, their quality is consistently higher, and development costs are dramatically lower.