SCANOSS

Navigate Open Source with Confidence

About

SCANOSS is an affordable, open OSS Inventory & Software Intelligence platform designed specifically for DevSecOps and supply chains. It provides actionable insights on open source software licenses and security vulnerabilities associated with undeclared OSS, legacy components, and AI-generated code. This platform enables organizations to manage their software supply chain more effectively, addressing potential security risks and compliance challenges inherent in modern software development practices. SCANOSS supports teams of all sizes, offering customizable pricing options to suit various organizational needs.

Related Vendors

Wind River
Crafting Tomorrow's Embedded Innovations Today

Wind River provides software and platform solutions for mission-critical embedded and edge systems. Its offerings include a Yocto Project embedded Linux subscription with security vulnerability monitoring, long-term maintenance and support, and materials around the software bill of materials (SBOM). Wind River also offers Studio tools to create, build and integrate software for embedded and edge systems, an embedded virtualization platform to run multiple OSes on a single SoC, and a Debian-based enterprise Linux distribution for edge computing. The company describes tooling to automate testing, deploy, orchestrate and update software for embedded devices and to analyze data across networks of distributed devices and servers.

NetRise
Illuminate Your Software Supply Chain Security

NetRise offers the NetRise Platform for software supply chain security by analyzing compiled code rather than source code. The platform provides visibility into compiled software that runs in devices, apps, operating systems, and critical infrastructure, identifying components in a software build and validating the Software Bill of Materials (SBOM) with a binary-derived inventory of code that actually executes. NetRise emphasizes prioritization — "See Beyond CVEs" and "Prioritize What's Reachable" — to drive remediation and mitigation. The product also supports supplier risk assessment and comparing products for procurement, and enables inspection of third-party code without relying on vendor self-attestations or delayed disclosures.

Inedo
Secure your software supply chain seamlessly

Inedo provides self-managed DevSecOps tools for development and DevOps teams that can be installed, updated, and scaled on-premises or in hybrid cloud environments (Windows or Linux). Their product portfolio and publications focus on software supply chain problems: centralizing, curating, and governing packages to reduce security risks and compliance issues. Documentation and guides reference ProGet (package management), BuildMaster (deployment and CI/CD), migration guidance from Sonatype/JFrog, and Chocolatey. Materials mention package approvals, managing vulnerabilities, versions and licenses, and building a CI/CD pipeline for internal packages. The site also references free versions of tools and a free expert assessment to identify gaps and create a modernization roadmap.
