Welcome to AboutCode!

AboutCode.org is a community of open source developers who are trying to make open source easier to use by providing open source tools to discover, identify and track open source components (aka Software Composition Analysis – SCA). AboutCode is the collective name for these open source tools.

ScanCode is a set of open source tools for scanning code to identify code origin and license (aka provenance) information. There are currently four ScanCode modules:

  • ScanCode Toolkit - the scanning engine (command-line)

  • ScanCode.io - server that scripts and automates Software Composition Analysis

  • ScanCode Workbench - desktop application to view and annotate Scans

  • DeltaCode - tool to compare Scans for different codebase versions

AboutCode Toolkit provides a set of tools to

  • Document origin, license and usage metadata for your code in ABOUT files and

  • Generate Attribution documents and software Inventory or BOM reports.

AboutCode Toolkit includes an extensible framework for the content of ABOUT files.

TraceCode Toolkit is a set of tools to help you trace the use of software components from development to deployment or distribution (i.e., your CI/CD pipeline). The first release of TraceCode is focused on tracing builds in a C/C++ development context.

VulnerableCode is an early-stage project to provide a free and open source database of vulnerabilities and the packages they impact — plus the tools you need to aggregate and correlate those vulnerabilities. VulnerableCode is supported by the NLnet Foundation.

We also maintain some smaller open source projects such as the license-expression library so that we can share common libraries and utilities used in our projects.

package-url is a specification and implementation for “purl”, which is an abbreviation for a “package (mostly universal) URL”. purl is used across our AboutCode projects, and implementations are available for seven major languages.