Open Source Software Scan

Get a Software Bill of Materials with only minutes of setup. Your code stays with you with Sema’s agent.

Questions? Contact us


The agent scans a provided repository and generates a .zip file with analytics that must be sent to Sema to be analyzed further. This file may contain things such as potential CVEs, dependencies, licenses, etc. This file does not, however, contain any source code.


  1. Docker must be installed. If using Windows, install Docker Desktop.

  2. Currently, the agent only supports repositories versioned with Git.

    • If your repository is versioned with SVN, the agent will attempt to convert this to a git repository. The agent will attempt to access your SVN repository using git svn.

    • If your repository is versioned with something other than Git or SVN, you must first convert it to Git.


  1. Download the agent Source code zip file here, and extract it to a directory.

  2. Clone your repository to a local directory then, depending on your operating system, follow one of the following instructions from the root of the agent code that was just downloaded:

macOS / Linux:

./scripts/ [--help] <repository> <output-directory>


  1. Start Docker Desktop. This can be done by double-clicking the Docker Desktop icon. It must be running in the background.

  2. Open PowerShell and run the following command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned; ./scripts/agent.ps1 [--help] <repository> <output-directory>

Once complete, please send the zipped file to and we'll take care of the rest. You'll always have a copy so you can see what was sent. Thank you.