Thompson | Stay Secure. Build Faster.


Thompson is Scantist’s Software Composition Analysis tool designed to help you manage security and legal-compliance risks of your open source libraries in your source-code and binary projects so you:

Know which open source libraries you are using

Know which libraries are vulnerable

Know which libraries are compliant




Complete open source Software Bill-of-Materials as part of your overall software supply chain to identify vulnerable and non-vulnerable components

Direct and transitive dependency analysis detailed in the Dependency Graph

Organisation-wide dependency mapping allows you to identify and prioritise vulnerabilities using the Knowledge Graph

Curated reports in a variety of formats for management and/or integration

Secure – no access to source code




Vulnerabilities & Security Database

Vulnerability Information from various sources including:

SCMs like GitHub, GitLab, Bitbucket
Public Commits on popular libraries
Bug trackers like Bugzilla and Confluence

16TB of data updated every 6 hours

Popular and legacy open source libraries with high accuracy: 10 widely used languages and 15 binary formats

Proactive checks for new vulnerabilities for your projects and automated alerts on outdated projects


Targeted &



Prioritise remediation efforts using Scantist’s security and compatibility assessment and relevant reference links from verified sources

Faster security fix time with recommended root-level fixes for developers that are easy to implement

Single-click fixes for all vulnerabilities

In-built issue management to enable clear delegation and tracking of issues (JIRA/Github and more)

Managing Compliance to Licensing terms
Scalable OSS Governance using customised policy rules as per your organisation's needs.
Policies based on library names, library age, etc.
Policies based on licensing terms and licensing attributes, etc.
Policies based on vulnerabilities scoring, specific IDs etc.
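The three rule families listed above (library name and age, licensing terms, vulnerability score and specific advisory ids) can be applied to an SBOM together with the direct/transitive distinction from the Dependency Graph section. The following is an added illustration, not Scantist's or Thompson's own code: it walks a small constructed SBOM, classifies each dependency as direct or transitive, and reports every policy violation, direct dependencies first. All component names, versions, licences, dates, advisory ids and the policy itself are made up for the example.

```python
from collections import deque
from dataclasses import dataclass
from datetime import date

# Constructed SBOM fragment: component name -> metadata and declared dependencies.
# Names, versions, licences and dates are hypothetical, not real packages.
SBOM = {
    "example-app": {"version": "1.0.0", "license": "Proprietary",
                    "released": date(2024, 5, 1), "deps": ["web-lib", "json-lib"]},
    "web-lib":     {"version": "4.2.0", "license": "Apache-2.0",
                    "released": date(2023, 11, 3), "deps": ["http-core"]},
    "json-lib":    {"version": "2.1.0", "license": "MIT",
                    "released": date(2022, 8, 15), "deps": []},
    "http-core":   {"version": "1.7.3", "license": "GPL-3.0-only",
                    "released": date(2023, 1, 20), "deps": ["legacy-ssl"]},
    "legacy-ssl":  {"version": "0.9.8", "license": "BSD-3-Clause",
                    "released": date(2015, 6, 2), "deps": []},
}

# Constructed vulnerability feed: (name, version) -> [(advisory id, CVSS base score)].
# The advisory ids are placeholders, not real identifiers.
VULNS = {
    ("legacy-ssl", "0.9.8"): [("EXAMPLE-ADV-0001", 9.8)],
    ("json-lib", "2.1.0"):   [("EXAMPLE-ADV-0002", 5.3)],
}

# Hypothetical policy covering the rule families named on the page.
POLICY = {
    "denied_names": {"legacy-ssl"},                         # library name
    "max_age_years": 5,                                     # library age
    "denied_licenses": {"GPL-3.0-only", "AGPL-3.0-only"},   # licensing terms
    "max_cvss": 7.0,                                        # vulnerability scoring
    "denied_vuln_ids": {"EXAMPLE-ADV-0002"},                # specific ids
}

# Fixed "today" so the age rule gives reproducible results.
TODAY = date(2024, 6, 1)


@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    rule: str
    detail: str
    depth: int  # 1 = direct dependency, >1 = transitive

    @property
    def direct(self) -> bool:
        return self.depth == 1


def dependency_depths(sbom: dict, root: str) -> dict:
    """Breadth-first walk from root; returns {component: shortest depth}.
    Depth 1 is a direct dependency, anything deeper is transitive."""
    depths = {root: 0}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for dep in sbom[current]["deps"]:
            if dep not in depths:  # shortest path wins; also terminates on cycles
                depths[dep] = depths[current] + 1
                queue.append(dep)
    return depths


def evaluate(sbom: dict, vulns: dict, policy: dict, root: str, today: date) -> list:
    """Apply every policy rule to every dependency reachable from root."""
    findings = []
    for name, depth in dependency_depths(sbom, root).items():
        if depth == 0:
            continue  # the root project itself is not a dependency
        meta, version = sbom[name], sbom[name]["version"]
        hits = []
        if name in policy["denied_names"]:
            hits.append(("name", "library is on the deny list"))
        age_years = (today - meta["released"]).days / 365.25
        if age_years > policy["max_age_years"]:
            hits.append(("age", f"released {age_years:.1f} years ago"))
        if meta["license"] in policy["denied_licenses"]:
            hits.append(("license", f"licence {meta['license']} not permitted"))
        for adv_id, score in vulns.get((name, version), []):
            if score >= policy["max_cvss"]:
                hits.append(("cvss", f"{adv_id} scores {score}"))
            if adv_id in policy["denied_vuln_ids"]:
                hits.append(("vuln-id", f"{adv_id} is explicitly blocked"))
        findings.extend(Finding(name, version, rule, detail, depth) for rule, detail in hits)
    # Direct dependencies first: those are the ones a root-level fix can change directly.
    return sorted(findings, key=lambda f: (f.depth, f.component, f.rule))


if __name__ == "__main__":
    for f in evaluate(SBOM, VULNS, POLICY, "example-app", TODAY):
        kind = "direct" if f.direct else f"transitive (depth {f.depth})"
        print(f"{f.component}@{f.version} [{kind}] {f.rule}: {f.detail}")
```

Sorting by depth is the point of the exercise: `json-lib` is a direct dependency and can be swapped or upgraded by the project itself, whereas `legacy-ssl` is three levels down and is only fixed by upgrading `web-lib` or `http-core`, which is what a root-level fix recommendation has to express.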
Binary Analysis
Scantist supports true binary analysis, going beyond strings, hashes and other trivial signals to find open source risks in your applications
Docker Images Scanning
Scantist supports detection of open source components from source-code, binary and environment dependencies.
Integrations to major SDLC products
IDE Integrations for instant scan results for your developers.
Source Control Management Integration to scan code changes on each push or pull request.
Continuous Integration Tools to trigger automatic scans after each build, for more comprehensive and accurate scan results on your projects.
Issue Management Tools to alert your developers when vulnerabilities are detected and assign tickets for remediation within your team.
SaaS / On-premise
Scantist provides a full SaaS Software Composition Analysis platform.
On-premise deployments and private cloud deployments are fully supported by Scantist SCA - contact us to find out more

Take control today

Join other developers and security teams and get started with Scantist

Business impacts

How Thompson translates to business success for you:

Accelerate time-to-market with faster development by enabling the use of open source components freely

Use of a one-stop-shop for all commonly used languages in development

Efficient use of security resources by reducing security and compliance efforts

Improve legal compliance

Fast & applicable remediation processes

Lower vulnerability management costs