Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code
aboutcode-toolkit
:white_check_mark: AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
container-inspector
container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relate to each other. It can also handle OCI images and Dockerfiles.
extractcode
A mostly universal file extraction library and CLI tool to extract almost any archive in a reasonably safe way on Linux, macOS and Windows.
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
scancode-workbench
:bar_chart: ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
aboutcode-org's Repositories
aboutcode-org/scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
aboutcode-org/vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
aboutcode-org/aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code
aboutcode-org/tracecode-toolkit-strace
Trace software components, packages and files between Development/Source and Deployment/Distribution/Binaries codebases - strace build analysis
aboutcode-org/deltacode
DeltaCode: compare two codebase scans (from ScanCode) to detect significant changes.
aboutcode-org/dejacode
Automate open source license compliance and ensure software supply chain integrity
aboutcode-org/pip-requirements-parser
a mostly correct pip requirements parsing library
aboutcode-org/cwe2
Common weakness enumeration library for Python (maintained fork of https://github.com/Julian-Nash/cwe )
aboutcode-org/fetchcode
A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
aboutcode-org/scancode-action
Run ScanCode.io pipelines from your Workflows
aboutcode-org/tracecode-toolkit
Trace software components, packages and files between Development/Source and Deployment/Distribution/Binaries codebases - Static analysis
aboutcode-org/ort
A suite of tools to assist with reviewing Open Source Software dependencies.
aboutcode-org/scancode-toolkit-contrib
Candidate additions and contribution for the ScanCode toolkit
aboutcode-org/turbo-spdx
Fast and lightweight Python library for parsing and writing SPDX JSON documents correctly.
aboutcode-org/heritedcode
A software heritage API client
aboutcode-org/plugincode
aboutcode-org/sanexml
aboutcode-org/scancode-toolkit-plugin-cookiecutter
aboutcode-org/scancode-toolkit-reference-scans
scancode-toolkit-reference-scans
aboutcode-org/scancode.io-pipeline-glc_scan
aboutcode-org/ahocode
aboutcode-org/bitcode
aboutcode-org/license_copyright_pipeline
aboutcode-org/packageurl-python
Python implementation of the package url spec
aboutcode-org/parameter_expansion_patched
POSIX Parameter Expansion in Python
aboutcode-org/purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
aboutcode-org/scancode.io-appimage
aboutcode-org/scancode.io-homepage
ScanCode.io Homepage
aboutcode-org/scancode.io-reference-scans
A set of reference scans with ScanCode.io updated with each new release to track quality and performance progress over time.
aboutcode-org/typecode_libmagic_from_sources
A ScanCode path provider plugin to provide a prebuilt native libmagic binary and database. libmagic is built from sources that are bundled in the repo and sdist