SCANOSS Platform 2.0 Cryptography Service

Welcome to the Cryptography server for SCANOSS Platform 2.0 A specialised service providing methods for Export Control tasks in software analysis. This service helps identify and track cryptographic algorithms and security-related components in software packages.

Key Features

Cryptographic Algorithm Detection

Exact Version Analysis: Find cryptographic algorithms in specific package versions using PURL
Version Range Analysis: Detect cryptographic algorithms across version ranges (Semver compliant)
Coverage Analysis: Identify versions containing cryptographic algorithms that may go undetected within specified version ranges

Security Component Analysis

Detect usage patterns of:
- Libraries
- Frameworks
- SDKs
- Security Protocols

Service Access

The service is accessible through:

gRPC methods (primary)
REST API (via gateway)

For detailed service definitions, see our PAPI Documentation

Database Support

Compatible with multiple database systems including:

SQLite
PostgreSQL
Other SQL-compatible databases

Database connection can be configured via:

Environment file (.env)
Configuration file (.json)

Data Collection

For optimal data gathering and table population, we recommend using minr.

Configuration

Environmental variables are fed in this order:

dot-env --> env.json --> Actual Environment Variable

These are the supported configuration arguments:

APP_NAME="SCANOSS Cryptography Server"
APP_PORT=50054
APP_MODE=dev
APP_DEBUG=false
DB_DSN="./test-support/sqlite/scanoss.db?cache=shared&mode=memory"

Docker Environment

The Cryptography server can be deployed as a Docker container.

Adjust configurations by updating an .env file in the root of this repository.

How to build

You can build your own image of the SCANOSS Cryptography Server with the docker build command as follows.

make ghcr_build

How to run

Run the SCANOSS Cryptography Server Docker image by specifying the environmental file to be used with the --env-file argument.

You may also need to expose the APP_PORT on a given interface:port with the -p argument.

Development

To run locally on your desktop, please use the following command:

go run cmd/server/main.go -json-config config/app-config-dev.json -debug

After changing a Cryptography version, please run the following command:

go mod tidy -compat=1.24

https://mholt.github.io/json-to-go/

License

GPL-2.0-or-later

Name		Name	Last commit message	Last commit date
Latest commit History 81 Commits
.github		.github
.idea		.idea
cmd		cmd
config		config
pkg		pkg
scripts		scripts
target		target
test-support		test-support
.env.example		.env.example
.gitignore		.gitignore
.golangci.yml		.golangci.yml
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
get_version.sh		get_version.sh
go.mod		go.mod
go.sum		go.sum
package-scripts.sh		package-scripts.sh
version.sh		version.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

SCANOSS Platform 2.0 Cryptography Service

Key Features

Cryptographic Algorithm Detection

Security Component Analysis

Service Access

Database Support

Data Collection

Configuration

Docker Environment

How to build

How to run

Development

License

About

Uh oh!

Releases 13

Packages

Contributors 6

Uh oh!

Languages

License

scanoss/cryptography

Folders and files

Latest commit

History

Repository files navigation

SCANOSS Platform 2.0 Cryptography Service

Key Features

Cryptographic Algorithm Detection

Security Component Analysis

Service Access

Database Support

Data Collection

Configuration

Docker Environment

How to build

How to run

Development

License

About

Resources

License

Code of conduct

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 13

Packages 0

Contributors 6

Uh oh!

Languages

Packages