SCANOSS VSCode Plugin

Intro

The SCANOSS plugin for Visual Studio Code (VSCode) is an indispensable tool designed to enhance open source management within the widely-used code editor. By leveraging the OSSKB.org API endpoint provided by the Software Transparency Foundation, this plugin offers developers real-time visibility into software's composition, accurately identifying both declared and undeclared dependencies, components, files, and even code snippets.

With the increasing adoption of AI-generated code and the risk of plagiarism, it is crucial to validate the origin and compliance of such code. The SCANOSS plugin utilizes the extensive SCANOSS knowledgebase to assess potential security vulnerabilities, licensing issues, and compliance risks directly within the VSCode environment. This empowers developers to effectively manage open source components, ensuring the security, reliability, and compliance of their software throughout the development process.

Usage

You can use the following commands from the VScode command palette:

The .scanoss directory will serve as the storage location for all files associated with the scanning process.

Configuration

You can create a configuration file .scanossrc with the following options:

API Configuration

You can configure the API connection parameters to use dedicated servers.

To do this, set the following:

• API URL: Setting the URL from Extensions Preferences (File -> Preferences -> Settings -> Extensions -> SCANOSS).
• API KEY: Run the SCANOSS: Store API Key command from the Command Palette (View -> Command Palette)