AboutCode
Bring together best-in-class open source Software Composition Analysis (SCA) tools and data for open compliance and software supply chain security.
Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-toolkit
✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
dejacode
Automate open source license compliance and ensure software supply chain integrity
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
scancode-action
Run ScanCode.io pipelines from your Workflows
scancode-toolkit
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
📊 ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
vulnerablecode
A free and open database of vulnerabilities and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/. Chat at https://gitter.im/aboutcode-org/vulnerablecode. Docs at https://vulnerablecode.readthedocs.org/
AboutCode's Repositories
aboutcode-org/aboutcode-toolkit
✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
aboutcode-org/license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
aboutcode-org/extractcode
A mostly universal file extraction library and CLI tool to extract almost any archive in a reasonably safe way on Linux, macOS and Windows.
aboutcode-org/fetchcode
A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
aboutcode-org/ai-gen-code-search
A set of utilities and tools to detect and search AI-generated code
aboutcode-org/skeleton
aboutcode-org/pygmars
Craft simple regex-based small language lexers and parsers. Build parsers from grammars and accept Pygments lexers as an input. Derived from NLTK.
aboutcode-org/nuget-inspector
Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.
aboutcode-org/django-altcha
Django field and widget for Altcha CAPTCHA.
aboutcode-org/federatedcode
Decentralized and federated metadata for software applications
aboutcode-org/commoncode
A library of common functions shared in many other AboutCode projects
aboutcode-org/github-import-issues-csv
A simple tool designed to import new issues from a CSV file into GitHub repositories and optionally, to add these issues to Projects. Also copies items between projects.
aboutcode-org/vulnerablecode-data
A demonstration, and testbed data storage for FederatedCode data
aboutcode-org/binary-inspector
A library and tools to inspect binaries (ELF, WinPE, Mach-O) for dependencies, symbols and other info, and models to store this.
aboutcode-org/cyseq
aboutcode-org/popular-package-purls
List of popular open source packages keyed by Package-URL (PURL).
aboutcode-org/scorecode
A library to fetch and store various software package scores, like OpenSSF Scorecard data.
aboutcode-org/source-inspector
Tools to inspect source code and code symbols
aboutcode-org/versatile
Java implementation of vers, a mostly universal version range specifier
aboutcode-org/vulnerablecode-ai-experiments
Experiments with AI to analyze vulnerabilities
aboutcode-org/boolean.py
Implements boolean algebra in one module.
aboutcode-org/go-inspector
An inspector for Go language-based source, binaries, packages, dependencies and metadata
aboutcode-org/matchcode-tests
aboutcode-org/normality
A tiny library for Python text normalisation. Useful for ad-hoc text processing.
aboutcode-org/purl-validator
Let's create a PURL validator that's decentralized such that libraries can use it offline and help them create better PURLs.
aboutcode-org/pyahocorasick
Python module (C extension and plain python) implementing Aho-Corasick algorithm
aboutcode-org/scancode-benchmark
aboutcode-org/thirdparty-packages
A collection of various pre-built thirdparty packages with their corresponding source code
aboutcode-org/tree-sitter-swift-wheel
A tree-sitter grammar for the Swift programming language. Fork of alex-pinkus/tree-sitter-swift to support releasing python wheels.
aboutcode-org/www.aboutcode.org
Staging, issue content tidbits for AboutCode.org