Description of the project under analysis
Name of the project
License of the project
Description of the project
Scan settings and other configurations
Set of rules to skip files from fingerprinting and scanning
List of glob patterns (gitignore format) to exclude files from scanning. Patterns are matched relative to the scan root directory.
/ matches a directory
* matches anything except /
** matches zero or more directories
[0-9] matches character ranges
? matches a single character except /
! negates a pattern
All items must be unique
No Additional Items
"path/to/folder"
"path/to/folder/**"
"path/to/folder/**/*"
"path/to/file.c"
"path/to/another/file.py"
"**/*.ts"
"**/*.json"
"!important.log"
"temp/"
"debug[0-9]*.txt"
List of glob patterns (gitignore format) to exclude files from fingerprinting. Patterns are matched relative to the scan root directory.
/ matches a directory
* matches anything except /
** matches zero or more directories
[0-9] matches character ranges
? matches a single character except /
! negates a pattern
All items must be unique
No Additional Items
"path/to/folder"
"path/to/folder/**"
"path/to/folder/**/*"
"path/to/file.c"
"path/to/another/file.py"
"**/*.ts"
"**/*.json"
"!important.log"
"temp/"
"debug[0-9]*.txt"
Set of rules to skip files based on their size.
Rules for skipping files based on their size during scanning. Each rule combines glob patterns with min/max byte thresholds.
No Additional Items
List of glob patterns to apply the min/max size rule
No Additional Items
"path/to/folder"
"path/to/folder/**"
"path/to/folder/**/*"
"path/to/file.c"
"path/to/another/file.py"
"**/*.ts"
"**/*.json"
Minimum size of the file in bytes
Maximum size of the file in bytes
[
  {
    "patterns": [
      "*.log",
      "!important.log"
    ],
    "min": 512,
    "max": 5242880
  }
]
Rules for skipping files based on their size during fingerprinting. Each rule combines glob patterns with min/max byte thresholds.
No Additional Items
List of glob patterns to apply the min/max size rule
No Additional Items
"path/to/folder"
"path/to/folder/**"
"path/to/folder/**/*"
"path/to/file.c"
"path/to/another/file.py"
"**/*.ts"
"**/*.json"
Minimum size of the file in bytes
Maximum size of the file in bytes
[
  {
    "patterns": [
      "temp/",
      "*.tmp"
    ],
    "min": 512,
    "max": 5242880
  }
]
File snippet scanning configuration
Proxy configuration for file snippet requests
Proxy host URL
HTTP configuration for file snippet requests
Base URI for file snippet API requests
Whether to ignore TLS/SSL certificate errors. Intended for testing and development environments only; do not enable in production.
Enable/disable ranking
Ranking threshold for file snippet results (range 0–10). A value of -1 defers to server configuration. Higher values require stronger matches.
Minimum snippet hits required
Value must be greater than or equal to 0
Minimum snippet lines required
Value must be greater than or equal to 0
When true, the server considers file extensions during matching (e.g. a .c file only matches other .c files). When false, file extensions are ignored. When null, defers to server configuration.
Enable dependency analysis
Skip license headers, comments, and imports at the beginning of files before snippet matching. Works together with skip_headers_limit to control how many leading lines are stripped.
Maximum number of leading lines to strip when skip_headers is enabled. A value of 0 means no limit (strip all detected header lines).
HPFM (High Precision Folder Matching) configuration. HPFM detects copied directory structures by comparing folder-level fingerprints.
Enable ranking for HPFM results
Ranking threshold for HPFM results (range 0–99). Note: this range differs from file_snippet.ranking_threshold (0–10). A value of -1 defers to server configuration. Higher values require stronger matches.
Container scanning configuration
BOM Rules: Set of rules that will be used to modify the BOM before and after the scan is completed
Rules for adding components as scan context. Sent to the SCANOSS API to influence result matching. Requires purl; path is optional for partial matching.
No Additional Items
File or folder path, relative to the scan root. Paths ending with / are treated as folder rules and match all files under that directory.
"src/main.c"
"src/vendor/"
Package URL identifying the component. Format: pkg:<type>/<namespace>/<name>@<version>. Version is recommended but optional.
"pkg:npm/vue@2.6.12"
"pkg:golang/github.com/golang/go@1.17.3"
Additional notes or comments
[
  {
    "path": "src/lib/component.js",
    "purl": "pkg:npm/lodash@4.17.21",
    "comment": "Full match: path + purl"
  },
  {
    "purl": "pkg:npm/vue@2.6.12",
    "comment": "Partial match: purl only"
  }
]
Rules for removing components from results after scanning (client-side post-processing). Supports full match (both path and purl) or partial match (path only or purl only).
No Additional Items
File or folder path, relative to the scan root. Paths ending with / are treated as folder rules and match all files under that directory.
"src/main.c"
"src/vendor/"
Package URL identifying the component to remove. Format: pkg:<type>/<namespace>/<name>@<version>. Version is recommended but optional.
"pkg:npm/vue@2.6.12"
"pkg:golang/github.com/golang/go@1.17.3"
Additional notes or comments
[
  {
    "path": "src/main.c",
    "purl": "pkg:npm/vue@2.6.12",
    "comment": "Full match: removes only this purl at this path"
  },
  {
    "purl": "pkg:npm/deprecated-pkg@1.0.0",
    "comment": "Partial match: removes this purl wherever it appears"
  },
  {
    "path": "src/vendor/",
    "comment": "Partial match: removes all results under this folder"
  }
]
Rules for replacing components in results after scanning (client-side post-processing). Requires both purl (original component) and replace_with (replacement). Path is optional for scoping.
No Additional Items
File or folder path, relative to the scan root. Paths ending with / are treated as folder rules and match all files under that directory.
"src/main.c"
"src/vendor/"
Package URL of the original component to replace. Format: pkg:<type>/<namespace>/<name>@<version>. Version is recommended but optional.
"pkg:npm/vue@2.6.12"
"pkg:golang/github.com/golang/go@1.17.3"
Additional notes or comments
License of the replacement component. Should be a valid SPDX license expression (e.g. MIT, Apache-2.0, GPL-3.0-only).
"MIT"
"Apache-2.0"
The replacement Package URL. Format: pkg:<type>/<namespace>/<name>@<version>.
"pkg:npm/vue@2.6.14"
"pkg:npm/new-lib@2.0.0"
[
  {
    "path": "src/utils/helper.js",
    "purl": "pkg:npm/old-lib@1.0.0",
    "replace_with": "pkg:npm/new-lib@2.0.0",
    "license": "MIT",
    "comment": "Upgrade to newer version"
  }
]
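Because remove and replace rules rewrite the BOM after the scan, it helps to see exactly which findings a rule set suppresses. The sketch below is an added example, not SCANOSS code: it applies the full, partial and folder matching described above to constructed results. The result shape (path mapped to a list of purl/license entries), exact-string purl comparison and first-match-wins for replace are assumptions.

```python
# Added illustration, not SCANOSS code. Assumed: results map path -> list of
# {"purl", "license"} dicts, and purls are compared as exact strings.

def path_matches(rule_path, file_path):
    """A missing rule path matches any file; a trailing '/' is a folder rule."""
    if rule_path is None:
        return True
    if rule_path.endswith("/"):
        return file_path.startswith(rule_path)
    return file_path == rule_path

def rule_hits(rule, file_path, purl):
    """Full match checks path and purl; a partial rule checks only the key it sets."""
    if "path" not in rule and "purl" not in rule:
        return False  # a rule with neither key must not match everything
    return path_matches(rule.get("path"), file_path) and rule.get("purl") in (None, purl)

def apply_bom(results, remove=(), replace=()):
    out = {}
    for file_path, components in results.items():
        kept = []
        for comp in components:
            if any(rule_hits(r, file_path, comp["purl"]) for r in remove):
                continue  # suppressed by a remove rule
            for r in replace:
                if rule_hits(r, file_path, comp["purl"]):
                    comp = {**comp, "purl": r["replace_with"],
                            "license": r.get("license", comp.get("license"))}
                    break  # first matching replace rule wins (assumption)
            kept.append(comp)
        out[file_path] = kept
    return out

# Constructed sample results; the rules are the examples shown on this page.
RESULTS = {
    "src/main.c": [{"purl": "pkg:npm/vue@2.6.12", "license": "MIT"},
                   {"purl": "pkg:npm/lodash@4.17.21", "license": "MIT"}],
    "src/vendor/x/y.c": [{"purl": "pkg:npm/vendored-lib@0.1.0", "license": "MIT"}],
    "src/utils/helper.js": [{"purl": "pkg:npm/old-lib@1.0.0", "license": "ISC"}],
    "lib/app.js": [{"purl": "pkg:npm/vue@2.6.12", "license": "MIT"},
                   {"purl": "pkg:npm/deprecated-pkg@1.0.0", "license": "MIT"}],
}
REMOVE = [{"path": "src/main.c", "purl": "pkg:npm/vue@2.6.12"},
          {"purl": "pkg:npm/deprecated-pkg@1.0.0"},
          {"path": "src/vendor/"}]
REPLACE = [{"path": "src/utils/helper.js", "purl": "pkg:npm/old-lib@1.0.0",
            "replace_with": "pkg:npm/new-lib@2.0.0", "license": "MIT"}]
```

Comparing the output of apply_bom with the raw results shows which components a rule set hides, which is worth reviewing before a folder-wide or purl-only rule is committed.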