This summary is provided for convenience only and is not part of the agreement. OSSScan is an advisory tool that helps identify open-source licensing and vulnerability risks in code and dependency inventories.
OSSScan is not a substitute for legal, security, or compliance review. BigBrainCorp LLC does not guarantee that OSSScan will detect every copyleft obligation, vulnerability, or other issue, and is not liable for consequences arising from your use of or reliance on the Software's output.
By installing, launching, or otherwise using OSSScan, you agree to these Terms of Use. If you do not agree, do not install or use the Software, and delete any copies in your possession.
Subject to your continuous compliance with these Terms and your payment of any applicable fees, the Vendor grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to install and run the Software on machines you own or control, solely for your internal business purposes and only for the duration permitted by your active license file, license.json, issued by the Vendor.
This license terminates automatically upon expiry of your license file, upon any breach of these Terms, or upon revocation by the Vendor.
You shall not, and shall not permit any third party to:
The Software bundles or depends on third-party open-source components, including but not limited to Syft (Apache-2.0), Grype (Apache-2.0), and Electron (MIT). Those components are licensed under their own terms; nothing in these Terms modifies your rights or obligations with respect to those components. Applicable notices are described in the THIRD_PARTY_NOTICES.md file shipped with the Software, and the full license texts for redistributed components are shipped with the Software in the files referenced there.
The Software is an advisory and informational tool only. The Software's outputs, including any Software Bill of Materials, license report, vulnerability or CVE report, risk classification, copyleft analysis, or other artifact produced by the Software, are provided for informational purposes only and must not be relied upon as legal advice, security advice, license-compliance certification, or a definitive determination of any matter relating to open-source licensing, intellectual property, security, or regulatory compliance.
You acknowledge and agree that:
The Software is provided "AS IS" and "AS AVAILABLE," with all faults and without warranty of any kind. To the maximum extent permitted by applicable law, the Vendor disclaims all warranties, whether express, implied, statutory, or otherwise, including without limitation the implied warranties of merchantability, fitness for a particular purpose, title, accuracy, completeness, quiet enjoyment, and non-infringement, and any warranties arising from a course of dealing, usage, or trade practice.
Without limiting the foregoing, the Vendor does not warrant that the Software will meet your requirements, operate uninterrupted or error-free, be free of harmful components, have all defects corrected, produce accurate or reliable output, detect every applicable open-source or security issue, or retain access to any third-party service the Software depends on.
To the maximum extent permitted by applicable law, in no event shall the Vendor be liable to you or any third party for any indirect, incidental, special, consequential, exemplary, or punitive damages, including damages for lost profits, lost revenue, lost data, lost goodwill, business interruption, procurement of substitute goods or services, regulatory fines, settlement payments, royalties, license-compliance liabilities, litigation costs, or any other damages, however caused and under any theory of liability, even if the Vendor has been advised of the possibility of such damages.
The Vendor's aggregate liability arising out of or relating to these Terms or the Software, whether in contract, tort, or otherwise, shall not exceed the lesser of the total fees actually paid by you to the Vendor for the Software in the twelve months immediately preceding the event giving rise to the claim, or US $100.
These limitations apply notwithstanding the failure of any limited remedy of its essential purpose and to the maximum extent permitted by law.
You shall defend, indemnify, and hold harmless the Vendor and the Vendor's affiliates, officers, employees, and agents from and against any and all claims, demands, actions, liabilities, damages, losses, costs, and expenses, including reasonable attorneys' fees, arising out of or related to your use of the Software, your reliance on any Software output, your failure to comply with applicable open-source license obligations, your breach of these Terms, or your violation of any law or third-party right.
The Software requires a valid, unexpired license file, license.json, signed by the Vendor. You acknowledge that license files have an expiry date, that features remain available only while a valid license file is installed and unexpired, and that tampering with the license file, the embedded public key, the license-state file, or the system clock is a material breach of these Terms and may also violate applicable computer-misuse laws.
The Software's deep-scan and deep-enrichment features make outbound network requests to third-party services, including, depending on the ecosystem, proxy.golang.org, registry.npmjs.org, pypi.org, and api.deps.dev. These features transmit only package coordinates, consisting of name, version, and ecosystem identifier; the Software does not transmit your source code or repository contents.
The Vendor is not responsible for the policies, availability, or accuracy of those third-party services, and your use of those features is subject to their respective terms. The Vendor does not collect telemetry from the Software. For additional details, see the Privacy Policy shipped with the Software.
If you purchase a paid license, support, if any, is provided as described in the Support & Maintenance Policy shipped with the Software. Vulnerability scanning also relies on Grype's vulnerability database, which is downloaded and refreshed from third-party infrastructure operated for the Grype ecosystem.
These Terms remain in effect until terminated. They terminate automatically without notice upon expiry of your license file or upon your breach of any provision. The Vendor may also terminate these Terms at any time by revoking your license.
Upon termination, you shall cease all use of the Software and delete all copies in your possession or control. Sections 2, 4, 5, 6, 7, 11, 12, and any other provisions that by their nature should survive termination, will survive.
These Terms are governed by, and construed in accordance with, the laws of the State of Arizona, USA, without regard to its conflict-of-laws rules. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Maricopa County, Arizona for any dispute arising out of or relating to these Terms or the Software. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
By installing or using OSSScan, you acknowledge that you have read, understood, and agree to be bound by these Terms of Use.