ScanCode.io

ScanCode.io is a server that scripts and automates Software Composition Analysis with ScanPipe pipelines.

The initial ScanCode.io application handles Docker container and VM composition analyses.

When you analyze Docker container images, for example, there could be hundreds to thousands of system packages (such as Debian, RPM, Alpine) and application packages (such as npm, PyPI, Rubygems, Maven) installed in an image side-by-side with your own code.

Taking care of all these system and application packages can be challenging. ScanCode.io can help organize these complex code analyses as scripted pipelines and store their results in a uniform database for automated code analysis.