Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aboutcode-org/scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://github.com/aboutcode-org/scancode-toolkit
copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses
Last synced: 2 days ago
JSON representation
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
- Host: GitHub
- URL: https://github.com/aboutcode-org/scancode-toolkit
- Owner: aboutcode-org
- Created: 2015-07-01T13:43:06.000Z (over 9 years ago)
- Default Branch: develop
- Last Pushed: 2024-10-29T11:19:22.000Z (about 2 months ago)
- Last Synced: 2024-10-29T13:18:53.975Z (about 2 months ago)
- Topics: copyright, copyright-scan, cyclonedx, dependencies, dependency-graph, license, license-checking, license-scan, licensing, open-source-licensing, oss-compliance, package-url, packages, provenance, purl, sbom, sca, software-composition-analysis, spdx, spdx-licenses
- Language: Python
- Homepage: https://github.com/aboutcode-org/scancode-toolkit/releases/
- Size: 664 MB
- Stars: 2,109
- Watchers: 72
- Forks: 546
- Open Issues: 1,098
-
Metadata Files:
- Readme: README.rst
- Changelog: CHANGELOG.rst
- Contributing: CONTRIBUTING.rst
- Funding: .github/FUNDING.yml
- Code of conduct: CODE_OF_CONDUCT.rst
- Roadmap: ROADMAP-ABOUTCODE.rst
- Authors: AUTHORS.rst
Awesome Lists containing this project
README
================
ScanCode toolkit
================A typical software project often reuses hundreds of third-party packages.
License and packages, dependencies and origin information is not always easy to
find and not normalized: ScanCode discovers and normalizes this data for you.Read more about ScanCode here: https://scancode-toolkit.readthedocs.io/.
Check out the code at https://github.com/nexB/scancode-toolkit
Discover also:
- The ScanCode.io server project here: https://scancodeio.readthedocs.io
- The ScanCode Workbench project for visualization of scancode results data:
https://github.com/nexB/scancode-workbench
- Other companion SCA projects for code origin, license and security analysis
here: https://aboutcode.orgBuild and tests status
======================We run 30,000+ tests on each commit on multiple CIs to ensure a good platform
compabitility with multiple versions of Windows, Linux and macOS.+------------+--------------+-------------------------+----------------------------+
| **Azure** | **RTD Build**| **GitHub actions Docs** | **GitHub actions Release** |
+============+==============+=========================+============================+
| |azure| | |docs-rtd| | |docs-github-actions| | |release-github-actions| |
+------------+--------------+-------------------------+----------------------------+Why use ScanCode?
=================- As a **standalone command-line tool**, ScanCode is **easy to install**, run,
and embed in your CI/CD processing pipeline.
It runs on **Windows, macOS, and Linux**.- ScanCode is **used by several projects and organizations** such as
the `Eclipse Foundation `_,
`OpenEmbedded.org `_,
the `FSFE `_,
the `FSF `_,
`OSS Review Toolkit `_,
`ClearlyDefined.io `_,
`RedHat Fabric8 analytics `_,
and many more.- ScanCode detects licenses, copyrights, package manifests, direct dependencies,
and more both in **source code** and **binary** files and is considered as the
best-in-class and reference tool in this domain, re-used as the core tools for
software composition data collection by several open source tools.- ScanCode provides the **most accurate license detection engine** and does a
full comparison (also known as diff or red line comparison) between a database
of license texts and your code instead of relying only on approximate regex
patterns or probabilistic search, edit distance or machine learning.- Written in Python, ScanCode is **easy to extend with plugins** to contribute
new and improved scanners, data summarization, package manifest parsers, and
new outputs.- You can save your scan results as **JSON, YAML, HTML, CycloneDX or SPDX** or
even create your own format with Jinja templates.- You can also organize and run ScanCode server-side with the
companion `ScanCode.io web app `_
to organize and store multiple scan projects including scripted scanning pipelines.- ScanCode output data can be easily visualized and analysed using the
`ScanCode Workbench `_ desktop app.- ScanCode is **actively maintained**, has a **growing users and contributors
community**.- ScanCode is heavily **tested** with an automated test suite of over **20,000 tests**.
- ScanCode has an extensive and growing documentation.
- ScanCode can process packages, build manifest and lockfile formats to collect
Package URLs and extract metadata: Alpine packages, BUCK files, ABOUT files,
Android apps, Autotools, Bazel, JavaScript Bower, Java Axis, MS Cab,
Rust Cargo, Cocoapods, Chef Chrome apps, PHP Composer and composer.lock,
Conda, CPAN, Debian, Apple dmg, Java EAR, WAR, JAR, FreeBSD packages,
Rubygems gemspec, Gemfile and Gemfile.lock, Go modules, Haxe packages,
InstallShield installers, iOS apps, ISO images, Apache IVY, JBoss Sar,
R CRAN, Apache Maven, Meteor, Mozilla extensions, MSI installers,
JavaScript npm packages, package-lock.json, yarn.lock, NSIS Installers,
NuGet, OPam, Cocoapods, Python PyPI setup.py, setup.cfg, and
several related lockfile formats, semi structured README
files such as README.android, README.chromium, README.facebook, README.google,
README.thirdparty, RPMs, Shell Archives, Squashfs images, Java WAR, Windows
executables and the Windows registry
and a few more. See `all available package parsers `_
for the exhaustive list.See our `roadmap `_
for upcoming features.Documentation
=============The ScanCode documentation is hosted at
`scancode-toolkit.readthedocs.io `_.If you are new to visualization of scancode results data, start with our
`newcomer `_ page.If you want to compare output changes between different versions of ScanCode,
or want to look at scans generated by ScanCode, review our
`reference scans `_.Other Important Documentation Pages:
- A `synopsis `_
of ScanCode command line options.- Tutorials on:
- `How to run a scan `_
- `How to visualize scan results `_- An exhaustive list of `all available options `_
- Documentation on `Contributing to Code Development `_
- Documentation on `Plugin Architecture `_
- `FAQ `_
See also https://aboutcode.org for related companion projects and tools.
Installation
============Before installing ScanCode make sure that you have installed the prerequisites
properly. This means installing Python 3.9 for x86/64 architectures.
We support Python 3.9, 3.10, 3.11 and 3.12.See `prerequisites `_
for detailed information on the support platforms and Python versions.There are a few common ways to `install ScanCode `_.
- `**Installation as an application: Install Python 3.9, download a release archive, extract and run**.
`_
This is the recommended installation method.- `Development installation from source code using a git clone
`_- `Development installation as a library with "pip install scancode-toolkit"
`_
[Note that this is not supported on arm64 machines]- `Run in a Docker container with a git clone and "docker run"
`_- In Fedora 40+ you can `dnf install scancode-toolkit`
Quick Start
===========After ScanCode is installed successfully you can run an example scan printed on screen as JSON::
scancode -clip --json-pp - samples
Follow the `How to Run a Scan `_
tutorial to perform a basic scan on the ``samples`` directory distributed by
default with ScanCode.See more command examples::
scancode --examples
See `How to select what will be detected in a scan
`_
and `How to specify the output format `_
for more information.You can also refer to the `command line options synopsis
`_
and an exhaustive list of `all available command line options
`_.Archive extraction
==================By default ScanCode does not extract files from tarballs, zip files, and
other archives as part of the scan. The archives that exist in a codebase
must be extracted before running a scan: `extractcode` is a bundled utility
behaving as a mostly-universal archive extractor. For example, this command will
recursively extract the mytar.tar.bz2 tarball in the mytar.tar.bz2-extract
directory::./extractcode mytar.tar.bz2
See `all extractcode options `_
and `how to extract archives `_ for details.Support
=======If you have a problem, a suggestion or found a bug, please enter a ticket at:
https://github.com/nexB/scancode-toolkit/issuesFor discussions and chats, we have:
* an official Gitter channel for `web-based chats
`_.
Gitter is now accessible through `Element `_
or an `IRC bridge `_.
There are other AboutCode project-specific channels available there too.* The discussion channel for `scancode `_
specifically aimed at users and developers using scancode-toolkit.Source code and downloads
=========================* https://github.com/nexB/scancode-toolkit/releases
* https://github.com/nexB/scancode-toolkit.git
* https://pypi.org/project/scancode-toolkit/
* https://github.com/nexB/scancode-thirdparty-src.git
* https://github.com/nexB/scancode-plugins.git
* https://github.com/nexB/thirdparty-packages.gitLicense
=======* Apache-2.0 as the overall license
* CC-BY-4.0 for reference datasets (initially was in the Public Domain).
* Multiple other secondary permissive or copyleft licenses (LGPL, MIT,
BSD, GPL 2/3, etc.) for third-party components and test suite code and data.See the NOTICE file and the .ABOUT files that document the origin and license of
the third-party code used in ScanCode for more details... |azure| image:: https://dev.azure.com/nexB/scancode-toolkit/_apis/build/status/nexB.scancode-toolkit?branchName=develop
:target: https://dev.azure.com/nexB/scancode-toolkit/_build/latest?definitionId=1&branchName=develop
:alt: Azure tests status (Linux, macOS, Windows).. |docs-rtd| image:: https://readthedocs.org/projects/scancode-toolkit/badge/?version=latest
:target: https://scancode-toolkit.readthedocs.io/en/latest/?badge=latest
:alt: Documentation Status.. |docs-github-actions| image:: https://github.com/nexB/scancode-toolkit/actions/workflows/docs-ci.yml/badge.svg?branch=develop
:target: https://github.com/nexB/scancode-toolkit/actions/workflows/docs-ci.yml
:alt: Documentation Tests.. |release-github-actions| image:: https://github.com/nexB/scancode-toolkit/actions/workflows/scancode-release.yml/badge.svg?event=push
:target: https://github.com/nexB/scancode-toolkit/actions/workflows/scancode-release.yml
:alt: Release testsAcknowledgements, Funding, Support and Sponsoring
--------------------------------------------------------This project is funded, supported and sponsored by:
- Generous support and contributions from users like you!
- the European Commission NGI programme
- the NLnet Foundation
- the Swiss State Secretariat for Education, Research and Innovation (SERI)
- Google, including the Google Summer of Code and the Google Seasons of Doc programmes
- Mercedes-Benz Group
- Microsoft and Microsoft Azure
- AboutCode ASBL
- nexB Inc.|europa| |dgconnect|
|ngi| |nlnet|
|aboutcode| |nexb|
This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 825322.|ngidiscovery| https://nlnet.nl/project/vulnerabilitydatabase/
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 101069594.|ngizeroentrust| https://nlnet.nl/project/Back2source/
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 101092990.|ngizerocore| https://nlnet.nl/project/Back2source-next/
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 101092990.|ngizerocore| https://nlnet.nl/project/FastScan/
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 101135429. Additional
funding is made available by the Swiss State Secretariat for Education, Research and Innovation
(SERI).|ngizerocommons| |swiss| https://nlnet.nl/project/MassiveFOSSscan/
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial
support from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 101069594.|ngizeroentrust| https://nlnet.nl/project/purl2sym/
.. |nlnet| image:: https://nlnet.nl/logo/banner.png
:target: https://nlnet.nl
:height: 50
:alt: NLnet foundation logo.. |ngi| image:: https://ngi.eu/wp-content/uploads/thegem-logos/logo_8269bc6efcf731d34b6385775d76511d_1x.png
:target: https://ngi.eu35
:height: 50
:alt: NGI logo.. |nexb| image:: https://nexb.com/wp-content/uploads/2022/04/nexB.svg
:target: https://nexb.com
:height: 30
:alt: nexB logo.. |europa| image:: https://ngi.eu/wp-content/uploads/sites/77/2017/10/bandiera_stelle.png
:target: http://ec.europa.eu/index_en.htm
:height: 40
:alt: Europa logo.. |aboutcode| image:: https://aboutcode.org/wp-content/uploads/2023/10/AboutCode.svg
:target: https://aboutcode.org/
:height: 30
:alt: AboutCode logo.. |swiss| image:: https://www.sbfi.admin.ch/sbfi/en/_jcr_content/logo/image.imagespooler.png/1493119032540/logo.png
:target: https://www.sbfi.admin.ch/sbfi/en/home/seri/seri.html
:height: 40
:alt: Swiss logo.. |dgconnect| image:: https://commission.europa.eu/themes/contrib/oe_theme/dist/ec/images/logo/positive/logo-ec--en.svg
:target: https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en
:height: 40
:alt: EC DG Connect logo.. |ngizerocore| image:: https://nlnet.nl/image/logos/NGI0_tag.svg
:target: https://nlnet.nl/core
:height: 40
:alt: NGI Zero Core Logo.. |ngizerocommons| image:: https://nlnet.nl/image/logos/NGI0_tag.svg
:target: https://nlnet.nl/commonsfund/
:height: 40
:alt: NGI Zero Commons Logo.. |ngizeropet| image:: https://nlnet.nl/image/logos/NGI0PET_tag.svg
:target: https://nlnet.nl/PET
:height: 40
:alt: NGI Zero PET logo.. |ngizeroentrust| image:: https://nlnet.nl/image/logos/NGI0Entrust_tag.svg
:target: https://nlnet.nl/entrust
:height: 38
:alt: NGI Zero Entrust logo.. |ngiassure| image:: https://nlnet.nl/image/logos/NGIAssure_tag.svg
:target: https://nlnet.nl/image/logos/NGIAssure_tag.svg
:height: 32
:alt: NGI Assure logo.. |ngidiscovery| image:: https://nlnet.nl/image/logos/NGI0Discovery_tag.svg
:target: https://nlnet.nl/discovery/
:height: 40
:alt: NGI Discovery logo