ScanCode provides a set of tools and applications to scan software codebases and packages to determine the origin and license (provenance) of your open source (and other third-party) software. All of the ScanCode modules are available for Linux, MacOS and Windows. There are currently three major ScanCode modules with more in the planning phase.

The primary ScanCode module is ScanCode Toolkit, which is the scanning “engine”. ScanCode TK is a command-line tool with many scanning options and output formats (JSON, HTML, CSV or SPDX). ScanCode detects licenses, copyrights, package manifests and more in both source code and binary files. There is already a large set of pre- and post-plugins and you can also create your own plugins. is a server that scripts and automates Software Composition Analysis with ScanPipe pipelines. The initial application handles Docker container and VM composition analyses.

ScanCode Workbench is a desktop application that you can use to view the results of a Scan and record your Conclusions about the licensing for components and packages. For example, if you have files in a codebase directory with different copyright and license notices, you may want to summarize that information at the directory level for easier tracking and attribution reporting.

DeltaCode is a tool to compare Scans so that you can identify changes between versions or releases of a project or product. The primary use case is to streamline your FOSS compliance workflow so that you can focus on only the changes since your last baseline inventory of open source components and packages.