AboutCode
Bring together best-in-class open source Software Composition Analysis (SCA) tools and data for open compliance and software supply chain security.
Pinned Repositories
aboutcode
AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/
aboutcode-toolkit
:white_check_mark: AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
dejacode
Automate open source license compliance and ensure software supply chain integrity
license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
scancode-action
Run ScanCode.io pipelines from your Workflows
scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
:bar_chart: ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
vulnerablecode
A free and open vulnerabilities database and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
AboutCode's Repositories
aboutcode-org/django-rest-hooks
:love_letter: Add webhook subscriptions to your Django app.
aboutcode-org/clearcode-toolkit
This project is no longer maintained. Everything is covered in PurlDB: https://github.com/aboutcode-org/purldb
aboutcode-org/attributecode
[Archived] This project was an Attribution generation tool with many content and format options for the input data. All its features have been folded back into the latest AboutCode Toolkit at https://github.com/nexB/aboutcode-toolkit
aboutcode-org/scancode-thirdparty-src
Source code for ScanCode prebuilt dependencies
aboutcode-org/aboutcode-example-code
Example code used for AboutCode training
aboutcode-org/python-patch2
Library to parse and apply unified diffs
aboutcode-org/python-publicsuffix2
A small Python library to deal with publicsuffix data (includes a bundled PSL as "package data") in a wheel friendly format. Fork and continuation of Tomaž Šolc's "publicsuffix"
aboutcode-org/relrel
A tool for creating GitHub Releases and uploading assets reliably
aboutcode-org/bz2file
Python library for reading and writing bzip2-compressed files.
aboutcode-org/macports-ci
Simplify MacPorts setup on Travis-CI
aboutcode-org/Lawu
A Python library for inspecting JVM class files (.class)
aboutcode-org/rpm-inspector
A Python library to collect data from RPM packages including installed packages.
aboutcode-org/scancode-server
This project is no longer maintained. Visit https://github.com/nexB/scancode.io/ instead for a similar and current project.
aboutcode-org/typecode_libmagic_system_provided
This is an experiment that has been replaced by a build from sources. For an alternative to this plugin with the same overall behaviour see instead https://github.com/nexB/scancode-plugins/tree/main/builtins/typecode_libmagic_system_provided
aboutcode-org/pdfminer
Python PDF Parser based on https://github.com/pdfminer/pdfminer.six updated fork as used in ScanCode
aboutcode-org/spdx-license-namespaces-registry
This project is no longer maintained. Everything is covered in LicenseDB: https://github.com/aboutcode-org/scancode-licensedb
aboutcode-org/python-rpm-vercmp
[Obsolete: Merged in https://github.com/aboutcode-org/univers ] Pure Python implementation of the RPM version comparison algorithm, intended for use in contexts in which the definitive C implementation in RPM is not available.
aboutcode-org/spdx-licenses
A mirror of http://spdx.org licenses