Skip to main content

Introduction

The Eclipse Apoapsis ORT Server is a standalone application for the automation of software compliance checks.

It is based on the OSS Review Toolkit (ORT) which provides:

  • Recursive dependency analysis for more than 20 package managers.
  • Integration of several vulnerability databases.
  • Integration of several license, copyright, and snippet scanners.
  • Customizable compliance rules.
  • Lots of report formats, including SPDX and CycloneDX SBOMs.
  • Flexible configuration.

The ORT core functionality is extended with:

  • A scalable architecture with Kubernetes integration.
  • A REST API to trigger scans and manage data.
  • Keycloak integration for authentication and role management.
  • A central database to enable data analysis across projects.

The ORT Server developers are also contributors to ORT and both projects work in close collaboration.