aboutcode-org / aboutcode-toolkit
AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
☆96Updated this week
Alternatives and similar repositories for aboutcode-toolkit:
Users that are interested in aboutcode-toolkit are comparing it to the libraries listed below
- Automate open source license compliance and ensure software supply chain integrity☆30Updated this week
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat…☆37Updated 3 weeks ago
- Doc, wiki and organizational content for ClearlyDefined☆94Updated 3 weeks ago
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX …☆64Updated last month
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored…☆131Updated this week
- ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.☆166Updated 2 months ago
- Source for the website providing online SPDX tools☆66Updated 2 weeks ago
- A Python library to parse, validate and create SPDX documents.☆206Updated 6 months ago
- SPDX Tools☆135Updated last year
- SPDX 2.0 document creation and storage☆16Updated 2 years ago
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase…☆74Updated 5 months ago
- A free and open database of all the licenses, in particular all the open source software licenses☆43Updated last week
- The International FOSS Law Book, v.2 and onwards☆13Updated 3 years ago
- OSPO Landscape☆34Updated 3 weeks ago
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner…☆44Updated this week
- The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc) com…☆81Updated 4 years ago
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆84Updated this week
- Risk Working Group Repository☆26Updated last month
- FOSSmarks - A practical guide to understanding trademarks in the context of Free and Open Source Software projects.☆24Updated last year
- The model for the information captured in SPDX version 3 standard.☆79Updated last week
- A light-weight app to audit and inventory large codebases for open source license compliance.☆61Updated this week
- A collection of scripts for license compliance scanning, mostly experimental☆22Updated 2 months ago
- Curations and configuration files for the OSS Review Toolkit.☆18Updated last week
- Atarashi scans for license statements in open source software, focusing on text statistics. Designed to work stand-alone and with FOSSolo…☆27Updated 2 years ago
- Publications done by Double Open.☆16Updated 4 years ago
- ☆35Updated 2 months ago
- QMSTR compliance tool☆32Updated 2 years ago
- Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs…☆34Updated 5 months ago
- The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.☆316Updated last week
- a license identification tool for Source Code☆110Updated 2 years ago