ScanCode.io

ScanCode.io is a Django-based application that automates complex Software Composition Analysis with ScanPipe pipelines. A prominent use case for ScanCode.io is the analysis of Docker images, which can contain hundreds to thousands of FOSS system packages (such as Debian, RPM, Alpine) and application packages (such as npm, PyPI, RubyGems, Maven) in addition to your own code. Identifying all of these system and application packages can be challenging, and you also need to identify the software files in your Docker image that are not part of any package. ScanCode.io identifies origin and license information for both packages (Discovered Package) and any files that are not part of a package (Codebase Resources).

Currently, there are standard pipelines for Docker (including Windows) images, codebases, packages and root filesystems. You can run ScanCode.io on Docker or on a Linux server. It has a complete REST API for all functions and data, and a PostgreSQL database of scan results.