Skip to main content

ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts.

Project description

A typical software project often reuses hundreds of third-party packages. License and packages, dependencies and origin information is not always easy to find and not normalized: ScanCode discovers and normalizes this data for you.

Read more about ScanCode here: https://scancode-toolkit.readthedocs.io/.

Check out the code at https://github.com/nexB/scancode-toolkit

Discover also:

Build and tests status

We run 30,000+ tests on each commit on multiple CIs to ensure a good platform compabitility with multiple versions of Windows, Linux and macOS.

Azure

RTD Build

GitHub actions Docs

GitHub actions Release

Azure tests status (Linux, macOS, Windows)

Documentation Status

Documentation Tests

Release tests

Why use ScanCode?

  • As a standalone command-line tool, ScanCode is easy to install, run, and embed in your CI/CD processing pipeline. It runs on Windows, macOS, and Linux.

  • ScanCode is used by several projects and organizations such as the Eclipse Foundation, OpenEmbedded.org, the FSFE, the FSF, OSS Review Toolkit, ClearlyDefined.io, RedHat Fabric8 analytics, and many more.

  • ScanCode detects licenses, copyrights, package manifests, direct dependencies, and more both in source code and binary files and is considered as the best-in-class and reference tool in this domain, re-used as the core tools for software composition data collection by several open source tools.

  • ScanCode provides the most accurate license detection engine and does a full comparison (also known as diff or red line comparison) between a database of license texts and your code instead of relying only on approximate regex patterns or probabilistic search, edit distance or machine learning.

  • Written in Python, ScanCode is easy to extend with plugins to contribute new and improved scanners, data summarization, package manifest parsers, and new outputs.

  • You can save your scan results as JSON, YAML, HTML, CycloneDX or SPDX or even create your own format with Jinja templates.

  • You can also organize and run ScanCode server-side with the companion ScanCode.io web app to organize and store multiple scan projects including scripted scanning pipelines.

  • ScanCode output data can be easily visualized and analysed using the ScanCode Workbench desktop app.

  • ScanCode is actively maintained, has a growing users and contributors community.

  • ScanCode is heavily tested with an automated test suite of over 20,000 tests.

  • ScanCode has an extensive and growing documentation.

  • ScanCode can process packages, build manifest and lockfile formats to collect Package URLs and extract metadata: Alpine packages, BUCK files, ABOUT files, Android apps, Autotools, Bazel, JavaScript Bower, Java Axis, MS Cab, Rust Cargo, Cocoapods, Chef Chrome apps, PHP Composer and composer.lock, Conda, CPAN, Debian, Apple dmg, Java EAR, WAR, JAR, FreeBSD packages, Rubygems gemspec, Gemfile and Gemfile.lock, Go modules, Haxe packages, InstallShield installers, iOS apps, ISO images, Apache IVY, JBoss Sar, R CRAN, Apache Maven, Meteor, Mozilla extensions, MSI installers, JavaScript npm packages, package-lock.json, yarn.lock, NSIS Installers, NuGet, OPam, Cocoapods, Python PyPI setup.py, setup.cfg, and several related lockfile formats, semi structured README files such as README.android, README.chromium, README.facebook, README.google, README.thirdparty, RPMs, Shell Archives, Squashfs images, Java WAR, Windows executables and the Windows registry and a few more. See all available package parsers for the exhaustive list.

See our roadmap for upcoming features.

Documentation

The ScanCode documentation is hosted at scancode-toolkit.readthedocs.io.

If you are new to visualization of scancode results data, start with our newcomer page.

If you want to compare output changes between different versions of ScanCode, or want to look at scans generated by ScanCode, review our reference scans.

Other Important Documentation Pages:

See also https://aboutcode.org for related companion projects and tools.

Installation

Before installing ScanCode make sure that you have installed the prerequisites properly. This means installing Python 3.10 for x86/64 architectures. We support Python 3.9, 3.10, 3.11, 3.12 and 3.13.

See prerequisites for detailed information on the support platforms and Python versions.

There are a few common ways to install ScanCode.

Quick Start

After ScanCode is installed successfully you can run an example scan printed on screen as JSON:

scancode -clip --json-pp - samples

Follow the How to Run a Scan tutorial to perform a basic scan on the samples directory distributed by default with ScanCode.

See more command examples:

scancode --examples

See How to select what will be detected in a scan and How to specify the output format for more information.

You can also refer to the command line options synopsis and an exhaustive list of all available command line options.

Archive extraction

By default ScanCode does not extract files from tarballs, zip files, and other archives as part of the scan. The archives that exist in a codebase must be extracted before running a scan: extractcode is a bundled utility behaving as a mostly-universal archive extractor. For example, this command will recursively extract the mytar.tar.bz2 tarball in the mytar.tar.bz2-extract directory:

./extractcode mytar.tar.bz2

See all extractcode options and how to extract archives for details.

Support

If you have a problem, a suggestion or found a bug, please enter a ticket at: https://github.com/nexB/scancode-toolkit/issues

For discussions and chats, we have:

  • an official Gitter channel for web-based chats. Gitter is now accessible through Element or an IRC bridge. There are other AboutCode project-specific channels available there too.

  • The discussion channel for scancode specifically aimed at users and developers using scancode-toolkit.

Source code and downloads

License

  • Apache-2.0 as the overall license

  • CC-BY-4.0 for reference datasets (initially was in the Public Domain).

  • Multiple other secondary permissive or copyleft licenses (LGPL, MIT, BSD, GPL 2/3, etc.) for third-party components and test suite code and data.

See the NOTICE file and the .ABOUT files that document the origin and license of the third-party code used in ScanCode for more details.

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

  • Generous support and contributions from users like you!

  • the European Commission NGI programme

  • the NLnet Foundation

  • the Swiss State Secretariat for Education, Research and Innovation (SERI)

  • Google, including the Google Summer of Code and the Google Seasons of Doc programmes

  • Mercedes-Benz Group

  • Microsoft and Microsoft Azure

  • AboutCode ASBL

  • nexB Inc.

Europa logo EC DG Connect logo

NGI logo NLnet foundation logo

AboutCode logo nexB logo

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

NGI Discovery logo https://nlnet.nl/project/vulnerabilitydatabase/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/Back2source/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/Back2source-next/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/FastScan/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

NGI Zero Commons Logo Swiss logo https://nlnet.nl/project/MassiveFOSSscan/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/purl2sym/

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scancode-toolkit-32.4.0.tar.gz (20.8 MB view details)

Uploaded Source

Built Distributions

scancode_toolkit-32.4.0-cp313-none-any.whl (119.7 MB view details)

Uploaded CPython 3.13

scancode_toolkit-32.4.0-cp312-none-any.whl (119.7 MB view details)

Uploaded CPython 3.12

scancode_toolkit-32.4.0-cp311-none-any.whl (119.7 MB view details)

Uploaded CPython 3.11

scancode_toolkit-32.4.0-cp310-none-any.whl (119.7 MB view details)

Uploaded CPython 3.10

scancode_toolkit-32.4.0-cp39-none-any.whl (119.7 MB view details)

Uploaded CPython 3.9

File details

Details for the file scancode-toolkit-32.4.0.tar.gz.

File metadata

  • Download URL: scancode-toolkit-32.4.0.tar.gz
  • Upload date:
  • Size: 20.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for scancode-toolkit-32.4.0.tar.gz
Algorithm Hash digest
SHA256 91320399a5ce42eb03cb45c80ee8bb70a9d1d5172331e4038c38a3b9f874edc4
MD5 065235324887d27d94e9e12e639c399a
BLAKE2b-256 084ee82c57675263b49af35cf191f99eb862e3a04ae009386121b8f5ebfe6268

See more details on using hashes here.

File details

Details for the file scancode_toolkit-32.4.0-cp313-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-32.4.0-cp313-none-any.whl
Algorithm Hash digest
SHA256 20e1f051f869872f0f69e1a267934b061ec17858f0159114e1bde236c2908c1f
MD5 1228482bfa9264b016b7dbfd15943dac
BLAKE2b-256 b5364b398c24bf511143508735d80e1c47ac5706958d8ef66540177634b913db

See more details on using hashes here.

File details

Details for the file scancode_toolkit-32.4.0-cp312-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-32.4.0-cp312-none-any.whl
Algorithm Hash digest
SHA256 63556b8acc5acb9802e2c9989a16c7bd9ef512b9493bffc54d392fa3c96abcd0
MD5 eed64b4fd3aa589c98d037fa8a1024bc
BLAKE2b-256 708bbdca935c6d18a19d69affacdda67cc4a69f18cb0ea3379b862e92bd1f2b9

See more details on using hashes here.

File details

Details for the file scancode_toolkit-32.4.0-cp311-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-32.4.0-cp311-none-any.whl
Algorithm Hash digest
SHA256 8f265e35cc5272765a213a0a6c9cebcf67dcc77d41d52c43a0f4767770614baa
MD5 3c1c0391605c9d6a47c45f0e7766549a
BLAKE2b-256 ac4ba2428f8536da0c8bb01da6029a617ab172aab6455ab866716ea4df84cc6c

See more details on using hashes here.

File details

Details for the file scancode_toolkit-32.4.0-cp310-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-32.4.0-cp310-none-any.whl
Algorithm Hash digest
SHA256 5bc1fb11953921a7362ba432a8e25fe84cb8421b45cd5c62a44ebeb65787bcf6
MD5 eaf706312dc97c3f1f72035f26927507
BLAKE2b-256 948b478752525fd09c40effc7a95aef8ab9ec5c4805b675a09685a6ad00809ec

See more details on using hashes here.

File details

Details for the file scancode_toolkit-32.4.0-cp39-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-32.4.0-cp39-none-any.whl
Algorithm Hash digest
SHA256 bbf2fae4a96b31df28656cb5f0663fe243d723703390e28ae2e2683491bc1dbd
MD5 b8a48043e617a691da5f3f3c939cba1f
BLAKE2b-256 56b407e53cc1f3b946088762f4a54a44c6dc4478afeebe3d3fe7fe6593704503

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page