Eclipse Oscano project aims to develop and distribute a complete software composition analysis solution installable on cloud, local server or workstation environment.
Main use cases of Oscano include Open Source license compliance management, open source inventory management, vulnerability remediation automation and software analysis reporting.
The solution is designed to meet the challenge of massively increasing scale and continuous nature of build and releasing of modern software systems. It addresses the scaling problem through four principal means: 1. Continuous and fully automated operation cycle from new code commit to analysis, scan and action 2. Maximum engagement of developers in the software analysis and management use cases for direct and early troubleshooting 3. Risk-based smart analysis of compliance and vulnerability issues 4. Maximum re-use of pre-scanned open source software data.
In addition to state-of-the art core SCA functionality the solution provides following features
- Enterprise integrations for authentication and access control for source access and SCA system operation
- Interfaces and data conversion to support external software data sources for component meta-data, scan results, compliance and vulnerability data
- Interface for legacy and vendor software for OSS component inventory management
- Open Source obligation management solution for automated generation and publishing of obligated materials and managing the workflow.