AboutCode
Bring together best-in-class open source Software Composition Analysis (SCA) tools and data for open compliance and software supply chain security.
Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-toolkit
AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
dejacode
Automate open source license compliance and ensure software supply chain integrity
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
scancode-action
Run ScanCode.io pipelines from your Workflows
scancode-toolkit
ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/. Chat at https://gitter.im/aboutcode-org/vulnerablecode. Docs at https://vulnerablecode.readthedocs.org/
AboutCode's Repositories
aboutcode-org/aboutcode-toolkit
AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
aboutcode-org/license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
aboutcode-org/fetchcode
A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
aboutcode-org/pygmars
Craft simple regex-based small language lexers and parsers. Build parsers from grammars and accept Pygments lexers as an input. Derived from NLTK.
aboutcode-org/nuget-inspector
Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.
aboutcode-org/github-import-issues-csv
A simple tool designed to import new issues from a CSV file into GitHub repositories and optionally, to add these issues to Projects. Also copies items between projects.
aboutcode-org/ort
A suite of tools to assist with reviewing Open Source Software dependencies.
aboutcode-org/source-inspector
Tools to inspect source code and code symbols
aboutcode-org/binary-inspector
A library and tools to inspect binaries (elf, winpe, macho) for dependencies, symbols and other info, and models to store this.
aboutcode-org/binaryornot
Ultra-lightweight pure Python package to check if a file is binary or text.
aboutcode-org/purl-benchmarks
AboutCode PURL Accuracy Benchmarks
aboutcode-org/scorecode
A library to fetch and store various software package scores, like OpenSSF Scorecard data.
aboutcode-org/versatile
Java implementation of vers, a mostly universal version range specifier
aboutcode-org/vulntotal-extension
aboutcode-org/boolean.py
Implements boolean algebra in one module.
aboutcode-org/fingerprints
Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation.
aboutcode-org/go-inspector
An inspector for Go language-based source, binaries, packages, dependencies and metadata
aboutcode-org/GoReSym
Go symbol recovery tool
aboutcode-org/normality
A tiny library for Python text normalisation. Useful for ad-hoc text processing.
aboutcode-org/packageurl-go
Go implementation of the package url spec
aboutcode-org/packageurl-java
Java/JVM implementation of the package url spec
aboutcode-org/packageurl-python
Python implementation of the package url spec
aboutcode-org/packageurl.rs
Rust implementation of the Package URL specification.
aboutcode-org/pyahocorasick
Python module (C extension and plain Python) implementing the Aho-Corasick algorithm
aboutcode-org/python-semanticversion
Semantic version comparison for Python (see http://semver.org/)
aboutcode-org/regipy
Regipy is an OS-independent Python library for parsing offline registry hives
aboutcode-org/romp
aboutcode-org/scancode.io-tutorial
Tutorial code and test files for ScanCode.io and ScanPipe
aboutcode-org/thirdparty-packages
A collection of various pre-built thirdparty packages with their corresponding source code
aboutcode-org/vendy
Vendy is a tool for vendoring third-party packages into your project.