ScanCode

ScanCode provides a set of tools and applications to scan software codebases and packages to determine the origin and license (provenance) of open source (and other third-party) software.

The core ScanCode module is ScanCode Toolkit, which is an industry-leading code scanning “engine”. ScanCode detects licenses, copyrights, package manifests and more in both source code and binary files. You can use ScanCode TK as a command-line tool or as a library. There are many scanning options and output formats (JSON, HTML, CSV or SPDX). There is already a large set of pre- and post-scan plugins. You can also create your own plugins.

ScanCode.io is a Django-based application for automated Software Composition Analysis with ScanCode Toolkit. ScanCode.io uses multi-stage configurable pipelines (ScanPipes) to automate Scanning with unlimited pre- or post-Scan steps for your analysis. There are standard pipelines for Docker (including Windows) images, codebases, packages and root filesystems. You can run ScanCode.io on Docker or on a Linux server. It has a complete REST API for all functions and data.

ScanCode LicenseDB is a tool to compare Scans so that you can identify changes between versions or releases of a project or product. The primary use case is to streamline your FOSS compliance workflow so that you can focus on only the changes since your last baseline inventory of open source components and packages.

ScanCode Workbench is a desktop application that you can use to view the results of a Scan. It features a TreeView for navigating your codebase, a TableView for viewing details and many charts of Scan data. ScanCode Workbench runs on modern versions of macOS, Linux and Windows.