
DejaCode

DejaCode is a complete enterprise-level application to automate open source license compliance and ensure software supply chain integrity, powered by ScanCode, the industry-leading code scanner.

  • Run scans and track all the open source and third-party products and components used in your software.
  • Apply usage policies at the license or component level, and integrate into ScanCode to ensure compliance.
  • Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.
  • Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.
  • Scan a software package, simply by providing its Download URL, to get comprehensive details of its composition and create an SBOM.
  • Load software package data into DejaCode with the integration for the open source ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM.
  • Track and report vulnerabilities in the packages you use by integrating with the open source VulnerableCode project.
  • Create, publish and share SBOM documents in DejaCode, including detailed attribution documentation and custom reports in multiple file formats and standards, such as CycloneDX and SPDX.

Getting started

The DejaCode documentation is available here: https://dejacode.readthedocs.io/

If you have questions, please ask them in Discussions.

If you want to contribute to DejaCode, start with our Contributing page.

Build and tests status

Tests: CI Tests Status
Documentation: Documentation Build Status

DejaCode License Notice

DejaCode is an enterprise-level application to automate open source license compliance and ensure software supply chain integrity, powered by ScanCode, the industry-leading code scanner.

SPDX-License-Identifier: AGPL-3.0-only

Copyright (c) nexB Inc., AboutCode and others

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Commercial Services option

nexB offers a commercial services option for DejaCode. You can learn more about these options by contacting nexB at https://www.nexb.com/contact-us/

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

  • Generous support and contributions from users like you!
  • the European Commission NGI programme
  • the NLnet Foundation
  • the Swiss State Secretariat for Education, Research and Innovation (SERI)
  • Google, including the Google Summer of Code and the Google Seasons of Doc programmes
  • Mercedes-Benz Group
  • Microsoft and Microsoft Azure
  • AboutCode ASBL
  • nexB Inc.


This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust project page: https://nlnet.nl/project/CRAVEX/