AboutCode
Bring together best-in-class open source Software Composition Analysis (SCA) tools and data for open compliance and software supply chain security.
Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-toolkit
AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
dejacode
Automate open source license compliance and ensure software supply chain integrity
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
scancode-action
Run ScanCode.io pipelines from your Workflows
scancode-toolkit
ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
vulnerablecode
A free and open vulnerabilities database and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/. Chat at https://gitter.im/aboutcode-org/vulnerablecode. Docs at https://vulnerablecode.readthedocs.org/
AboutCode's Repositories
aboutcode-org/scancode-workbench
ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
aboutcode-org/univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
aboutcode-org/deltacode
DeltaCode: compare two codebase scans (from ScanCode) to detect significant changes.
aboutcode-org/pip-requirements-parser
A mostly correct pip requirements parsing library
aboutcode-org/debian-inspector
A Python library to parse Debian deb822-style control and copyright files and all related Debian, Ubuntu and Debian-derivative manifest and metadata files, an alternative approach to python-debian.
aboutcode-org/federatedcode
Decentralized and federated metadata for software applications
aboutcode-org/nuget-inspector
Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.
aboutcode-org/pygmars
Craft simple regex-based small language lexers and parsers. Build parsers from grammars and accept Pygments lexers as an input. Derived from NLTK.
aboutcode-org/ai-gen-code-search
A set of utilities and tools to detect and search AI-generated code
aboutcode-org/flot
Make it easier to create Python packages. Build multiple Python packages from one repo easily.
aboutcode-org/workshop
FOSS license and security compliance tools workshop before FOSDEM
aboutcode-org/gemfileparser2
A library to parse Rubygem gemspec and Gemfile files and Cocoapods podspec and Podfile files using Python. Friendly fork of https://gitlab.com/balasankarc/gemfileparser
aboutcode-org/github-import-issues-csv
A simple tool designed to import new issues from a CSV file into GitHub repositories and optionally, to add these issues to Projects.
aboutcode-org/scancode-plugins
A set of plugins delivered either as built-in scancode-toolkit plugins or as extra plugins
aboutcode-org/scancode-toolkit-contrib
Candidate additions and contributions for the ScanCode toolkit
aboutcode-org/android-inspector
android-inspector is a library of utilities to introspect source and binary Android apps and Android device firmware. It can be used as a plugin to ScanCode.
aboutcode-org/scancode-toolkit-plugin-cookiecutter
aboutcode-org/scancode.io-pipeline-glc_scan
aboutcode-org/vulnerablecode-data
aboutcode-org/vulntotal-extension
aboutcode-org/what-to-click-browser-extension
aboutcode-org/aboutcode-packages-npm-385
aboutcode-org/back2source-data
Checking if package sources and binaries match
aboutcode-org/go-inspector
An inspector for Go language-based source, binaries, packages, dependencies and metadata
aboutcode-org/intbitset
Python C-based extension implementing fast integer bit sets
aboutcode-org/mass-scan
aboutcode-org/purl-spec
A minimal specification for purl, aka a package "mostly universal" URL. Join the discussion at https://gitter.im/package-url/Lobby
aboutcode-org/scancode.io-homepage
ScanCode.io Homepage
aboutcode-org/scancode.io-reference-scans
A set of reference scans with ScanCode.io updated with each new release to track quality and performance progress over time.
aboutcode-org/typecode_libmagic_from_sources
A ScanCode path provider plugin to provide a prebuilt native libmagic binary and database. libmagic is built from sources that are bundled in the repo and sdist.