scanoss · matiasdaloia · Jul 30, 2025 · Mar 24, 2025 · Mar 24, 2025
diff --git a/.github/workflows/scanoss.yml b/.github/workflows/scanoss.yml
@@ -0,0 +1,31 @@
+name: SCANOSS
+
+on:
+  pull_request:
+  push:
+    branches:
+      - "*"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: write
+  checks: write
+  actions: read
+
+jobs:
+  scanoss-code-scan:
+    name: SCANOSS Code Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run SCANOSS Code Scan
+        id: scanoss-code-scan-step
+        uses: scanoss/code-scan-action@v1
+        with:
+          policies: undeclared
+          api.url: https://api.scanoss.com/scan/direct
+          api.key: ${{ secrets.SC_API_KEY }}
diff --git a/.gitignore b/.gitignore
@@ -31,3 +31,4 @@ docs/build
 !docs/source/_static/*.json
 !scanoss-settings-schema.json
 .DS_Store
+!scanoss.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,3 +4,8 @@ repos:
     hooks:
       - id: ruff
       - id: ruff-format
+  - repo: https://github.com/scanoss/pre-commit-hooks
+    rev: v0.2.0
+    hooks:
+      - id: scanoss-check-undeclared-code
+
diff --git a/README.md b/README.md
@@ -39,6 +39,15 @@ To enable dependency scanning, an extra tool is required: scancode-toolkit
 pip3 install -r requirements-scancode.txt
 ```
 
+### Pre-commit Setup
+This project uses pre-commit hooks to ensure code quality and consistency. To set up pre-commit, run:
+```bash
+pip3 install pre-commit
+pre-commit install
+```
+
+This will install the pre-commit tool and set up the git hooks defined in the `.pre-commit-config.yaml` file to run automatically on each commit.
+
 ### Devcontainer Setup
 To simplify the development environment setup, a devcontainer configuration is provided. This allows you to develop inside a containerized environment with all necessary dependencies pre-installed.
 

diff --git a/scanoss.json b/scanoss.json
@@ -0,0 +1,33 @@
+{
+  "settings": {
+    "skip": {
+      "patterns": {},
+      "sizes": {}
+    }
+  },
+  "bom": {
+    "include": [
+      {
+        "purl": "pkg:github/scanoss/scanoss.py"
+      }
+    ],
+    "remove": [
+      {
+        "path": "docs/make.bat",
+        "purl": "pkg:github/twilight-logic/ar488"
+      },
+      {
+        "path": "src/protoc_gen_swagger/options/annotations_pb2_grpc.py",
+        "purl": "pkg:pypi/bauplan"
+      },
+      {
+        "path": "src/protoc_gen_swagger/options/openapiv2_pb2_grpc.py",
+        "purl": "pkg:pypi/bauplan"
+      },
+      {
+        "path": "src/scanoss/api/common/v2/scanoss_common_pb2_grpc.py",
+        "purl": "pkg:pypi/bauplan"
+      }
+    ]
+  }
+}