Session

The SBOM era: leaving no open source project behind with osskb.org

Creating complete, machine-readable SBOMs in standardized formats can be a significant burden for many open source projects, especially resource-constrained ones, large integration efforts, and projects dealing with complex dependencies. Detecting undeclared dependencies and unwanted snippets is one of their main challenges.

This talk introduces osskb.org, a free-of-charge service by the Software Transparency Foundation (STF) designed to make accurate open source scanning accessible to all. Already integrated as a back-end by popular open source tools like FOSSology, ORT, FOSSLight, scanoss.py, or Theia, OSSKB.org detects open source files and code snippets against one of the largest open source knowledge bases, providing license information without compromising user privacy.

The session will address key questions about STF's mission, governance and shareholders, walk attendees through the open source technologies behind osskb.org, and demo how OSSKB.org works when integrated with popular compliance tools and with pipelines.

Agustin Benito Bethencourt

Independent Consultant

Málaga, Spain
