Meterian BOSS (Software Composition Analysis for codebases) is a codebase scanner designed to analyze open source components used in software projects. It detects all open source libraries within a codebase, identifies security vulnerabilities, flags license compliance issues, and highlights outdated dependencies. The scanner uploads component metadata to Meterian's cloud servers for analysis without transmitting the actual source code, keeping intellectual property on-premises. It integrates with CI/CD pipelines and supports a wide range of programming languages and repositories. BOSS generates reports in multiple formats — interactive HTML, JSON, PDF, and console output — to support various compliance and reporting workflows. Each report includes a full Software Bill of Materials (SBOM) that lists all detected components along with their associated licenses and copyright attributions. The tool also provides actionable upgrade paths for vulnerable components and detailed license information to help development teams maintain open source license compliance and reduce exposure to security risks.