https://github.com/aboutcode-org/dejacode

Automate open source license compliance and ensure software supply chain integrity
https://github.com/aboutcode-org/dejacode

cyclonedx foss-compliance license open-source package-url purl sca scancode spdx vulnerabilities

Last synced: 29 days ago
JSON representation

Automate open source license compliance and ensure software supply chain integrity

• Host: GitHub
• URL: https://github.com/aboutcode-org/dejacode
• Owner: aboutcode-org
• License: agpl-3.0
• Created: 2023-12-07T16:57:42.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-03-31T12:23:18.000Z (about 1 month ago)
• Last Synced: 2025-04-11T20:05:52.475Z (29 days ago)
• Topics: cyclonedx, foss-compliance, license, open-source, package-url, purl, sca, scancode, spdx, vulnerabilities
• Language: Python
• Homepage: https://dejacode.readthedocs.io
• Size: 228 MB
• Stars: 31
• Watchers: 8
• Forks: 13
• Open Issues: 52
• Metadata Files:
  • Readme: README.rst
  • Changelog: CHANGELOG.rst
  • Contributing: CONTRIBUTING.rst
  • License: LICENSE

Awesome Lists containing this project

README

        
DejaCode

========

DejaCode is a complete enterprise-level application to automate open source license

compliance and ensure software supply chain integrity, powered by

`ScanCode `_,

the industry-leading code scanner.

- Run scans and track all the open source and third-party products and components used

  in your software.

- Apply usage policies at the license or component level, and integrate into

  ScanCode to ensure compliance.

- Capture software inventories (SBOMs), generate compliance artifacts, and keep

  historical data.

- Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and

  software systems.

- Scan a software package, simply by providing its Download URL, to get comprehensive

  details of its composition and create an SBOM.

- Load software package data into DejaCode with the integration for the open source

  ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM.

- Track and report vulnerability tracking and reporting by integrating with the open

  source VulnerableCode project.

- Create, publish and share SBOM documents in DejaCode, including detailed attribution

  documentation and custom reports in multiple file formats and standards, such as

  CycloneDX and SPDX.

Getting started

---------------

The DejaCode documentation is available here: https://dejacode.readthedocs.io/

If you have questions please ask them in

`Discussions `_.

If you want to contribute to DejaCode, start with our

`Contributing `_ page.

Build and tests status

----------------------

+------------+-------------------+

| **Tests**  | **Documentation** |

+============+===================+

| |ci-tests| |    |docs-rtd|     |

+------------+-------------------+

DejaCode License Notice

-----------------------

DejaCode is an enterprise-level application to automate open source license

compliance and ensure software supply chain integrity, powered by ScanCode,

the industry-leading code scanner.

SPDX-License-Identifier: AGPL-3.0-only

Copyright (c) nexB Inc., AboutCode and others

This program is free software: you can redistribute it and/or modify

it under the terms of the GNU Affero General Public License as

published by the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License

along with this program.  If not, see .

Commercial Services option

---------------------------

nexB offers a commercial services option for DejaCode.

You can learn more about these options by contacting nexB at

https://www.nexb.com/contact-us/

.. |ci-tests| image:: https://github.com/aboutcode-org/dejacode/actions/workflows/ci.yml/badge.svg?branch=main

    :target: https://github.com/aboutcode-org/dejacode/actions/workflows/ci.yml

    :alt: CI Tests Status

.. |docs-rtd| image:: https://readthedocs.org/projects/dejacode/badge/?version=latest

    :target: https://dejacode.readthedocs.io/en/latest/?badge=latest

    :alt: Documentation Build Status

Acknowledgements, Funding, Support and Sponsoring

--------------------------------------------------------

This project is funded, supported and sponsored by:

- Generous support and contributions from users like you!

- the European Commission NGI programme

- the NLnet Foundation 

- the Swiss State Secretariat for Education, Research and Innovation (SERI)

- Google, including the Google Summer of Code and the Google Seasons of Doc programmes

- Mercedes-Benz Group

- Microsoft and Microsoft Azure

- AboutCode ASBL

- nexB Inc. 

|europa|   |dgconnect| 

|ngi|   |nlnet|   

|aboutcode|  |nexb|

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial

support from the European Commission's Next Generation Internet programme, under the aegis of DG

Communications Networks, Content and Technology under grant agreement No 101069594. 

|ngizeroentrust| https://nlnet.nl/project/CRAVEX/

.. |nlnet| image:: https://nlnet.nl/logo/banner.png

    :target: https://nlnet.nl

    :height: 50

    :alt: NLnet foundation logo

.. |ngi| image:: https://ngi.eu/wp-content/uploads/thegem-logos/logo_8269bc6efcf731d34b6385775d76511d_1x.png

    :target: https://ngi.eu35

    :height: 50

    :alt: NGI logo

.. |nexb| image:: https://nexb.com/wp-content/uploads/2022/04/nexB.svg

    :target: https://nexb.com

    :height: 30

    :alt: nexB logo

.. |europa| image:: https://ngi.eu/wp-content/uploads/sites/77/2017/10/bandiera_stelle.png

    :target: http://ec.europa.eu/index_en.htm

    :height: 40

    :alt: Europa logo

.. |aboutcode| image:: https://aboutcode.org/wp-content/uploads/2023/10/AboutCode.svg

    :target: https://aboutcode.org/

    :height: 30

    :alt: AboutCode logo

.. |swiss| image:: https://www.sbfi.admin.ch/sbfi/en/_jcr_content/logo/image.imagespooler.png/1493119032540/logo.png

    :target: https://www.sbfi.admin.ch/sbfi/en/home/seri/seri.html

    :height: 40

    :alt: Swiss logo

.. |dgconnect| image:: https://commission.europa.eu/themes/contrib/oe_theme/dist/ec/images/logo/positive/logo-ec--en.svg

    :target: https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en

    :height: 40

    :alt: EC DG Connect logo

.. |ngizerocore| image:: https://nlnet.nl/image/logos/NGI0_tag.svg

    :target: https://nlnet.nl/core

    :height: 40

    :alt: NGI Zero Core Logo

.. |ngizerocommons| image:: https://nlnet.nl/image/logos/NGI0_tag.svg

    :target: https://nlnet.nl/commonsfund/

    :height: 40

    :alt: NGI Zero Commons Logo

.. |ngizeropet| image:: https://nlnet.nl/image/logos/NGI0PET_tag.svg

    :target: https://nlnet.nl/PET

    :height: 40

    :alt: NGI Zero PET logo

.. |ngizeroentrust| image:: https://nlnet.nl/image/logos/NGI0Entrust_tag.svg

    :target: https://nlnet.nl/entrust

    :height: 38

    :alt: NGI Zero Entrust logo

.. |ngiassure| image:: https://nlnet.nl/image/logos/NGIAssure_tag.svg

    :target: https://nlnet.nl/image/logos/NGIAssure_tag.svg

    :height: 32

    :alt: NGI Assure logo

.. |ngidiscovery| image:: https://nlnet.nl/image/logos/NGI0Discovery_tag.svg

    :target: https://nlnet.nl/discovery/

    :height: 40

    :alt: NGI Discovery logo