AboutCode
Bring together best-in-class open source Software Composition Analysis (SCA) tools and data for open compliance and software supply chain security.
Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-toolkit
:white_check_mark: AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
dejacode
Automate open source license compliance and ensure software supply chain integrity
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
scancode-action
Run ScanCode.io pipelines from your Workflows
scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
:bar_chart: ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
AboutCode's Repositories
aboutcode-org/scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
aboutcode-org/vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
aboutcode-org/aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-org/scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
aboutcode-org/scancode-licensedb
A free and open database of all the licenses, in particular all the open source software licenses
aboutcode-org/purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
aboutcode-org/univers
Parse and compare all the package versions and all the ranges. From Debian, npm, PyPI, Ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
aboutcode-org/dejacode
Automate open source license compliance and ensure software supply chain integrity
aboutcode-org/scancode-action
Run ScanCode.io pipelines from your Workflows
aboutcode-org/pkginfo2
Git mirror of http://bazaar.launchpad.net/~tseaver/pkginfo ... with modifications
aboutcode-org/ort
A suite of tools to assist with reviewing Open Source Software dependencies.
aboutcode-org/.github
aboutcode Homepage @ GitHub
aboutcode-org/binaryornot
Ultra-lightweight pure Python package to check if a file is binary or text.
aboutcode-org/purl-benchmarks
AboutCode PURL Accuracy Benchmarks
aboutcode-org/source-inspector
Tools to inspect source code and code symbols
aboutcode-org/versatile
Java implementation of vers, a mostly universal version range specifier
aboutcode-org/vulntotal-extension
aboutcode-org/aboutcode-mirror-kev
AboutCode Mirror for CISA Known Exploited Vulnerabilities
aboutcode-org/fingerprints
Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation.
aboutcode-org/GoReSym
Go symbol recovery tool
aboutcode-org/packageurl-go
Go implementation of the package url spec
aboutcode-org/packageurl-java
Java/JVM implementation of the package url spec
aboutcode-org/packageurl-python
Python implementation of the package url spec
aboutcode-org/packageurl.rs
Rust implementation of the Package URL specification.
aboutcode-org/purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
aboutcode-org/python-semanticversion
Semantic version comparison for Python (see http://semver.org/)
aboutcode-org/regipy
Regipy is an OS-independent Python library for parsing offline registry hives
aboutcode-org/romp
aboutcode-org/scancode.io-tutorial
Tutorial code and test files for ScanCode.io and ScanPipe
aboutcode-org/vendy
Vendy is a tool for vendoring third-party packages into your project.