aboutcode-org / scancode-toolkit
ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
☆2,307 Updated this week
Alternatives and similar repositories for scancode-toolkit
Users that are interested in scancode-toolkit are comparing it to the libraries listed below
- A suite of tools to automate software compliance checks. ☆1,769 Updated this week
- FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export contr… ☆870 Updated last week
- ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit. ☆166 Updated 5 months ago
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock… ☆990 Updated last year
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆593 Updated this week
- Find licenses for your project's dependencies. ☆1,763 Updated 11 months ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,108 Updated this week
- Supply-chain Levels for Software Artifacts ☆1,676 Updated this week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆791 Updated last week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆372 Updated this week
- The System Package Data Exchange (SPDX) specification in Markdown and HTML formats. ☆328 Updated last week
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆717 Updated this week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆136 Updated this week
- Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Langua… ☆1,398 Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆402 Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆7,223 Updated this week
- A Python library to parse, validate and create SPDX documents. ☆215 Updated 2 months ago
- SW360 project ☆156 Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆570 Updated 2 months ago
- Python reference implementation of The Update Framework (TUF) ☆1,665 Updated last week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,373 Updated this week
- A Ruby Gem to detect under what license a project is distributed. ☆840 Updated last week
- Open source vulnerability DB and triage service. ☆1,902 Updated this week
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web… ☆718 Updated last week
- A vulnerability scanner for container images and filesystems ☆10,043 Updated this week
- SPDX Tools ☆137 Updated 2 years ago
- CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments ☆294 Updated this week
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles ☆88 Updated 2 weeks ago
- A license identification tool for Source Code ☆110 Updated 3 years ago
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,437 Updated this week