Skip to main content

ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts.

Project description

A typical software project often reuses hundreds of third-party packages. License and packages, dependencies and origin information is not always easy to find and not normalized: ScanCode discovers and normalizes this data for you.

Read more about ScanCode here: https://scancode-toolkit.readthedocs.io/.

Check out the code at https://github.com/nexB/scancode-toolkit

Discover also:

Build and tests status

We run 30,000+ tests on each commit on multiple CIs to ensure a good platform compabitility with multiple versions of Windows, Linux and macOS.

Appveyor

Azure

RTD Build

Appveyor tests status (Windows)

Azure tests status (Linux, macOS, Windows)

Documentation Status

Why use ScanCode?

  • As a standalone command-line tool, ScanCode is easy to install, run, and embed in your CI/CD processing pipeline. It runs on Windows, macOS, and Linux.

  • ScanCode is used by several projects and organizations such as the Eclipse Foundation, OpenEmbedded.org, the FSFE, the FSF, OSS Review Toolkit, ClearlyDefined.io, RedHat Fabric8 analytics, and many more.

  • ScanCode detects licenses, copyrights, package manifests, direct dependencies, and more both in source code and binary files and is considered as the best-in-class and reference tool in this domain, re-used as the core tools for software composition data collection by several open source tools.

  • ScanCode provides the most accurate license detection engine and does a full comparison (also known as diff or red line comparison) between a database of license texts and your code instead of relying only on approximate regex patterns or probabilistic search, edit distance or machine learning.

  • Written in Python, ScanCode is easy to extend with plugins to contribute new and improved scanners, data summarization, package manifest parsers, and new outputs.

  • You can save your scan results as JSON, HTML, CSV or SPDX or create your own format with Jinja templates.

  • You can also organize and run ScanCode server-side with the companion ScanCode.io web app to organize and store multiple scan projects including scripted scanning pipelines.

  • ScanCode is actively maintained, has a growing users and contributors community.

  • ScanCode is heavily tested with an automated test suite of over 20,000 tests.

  • ScanCode has an extensive and growing documentation.

  • ScanCode can process these packages, build manifest and lockfile formats to collect Package URLs and extract metadata: Alpine packages, BUCK files, ABOUT files, Android apps, Autotools, Bazel, JavaScript Bower, Java Axis, MS Cab, Rust Cargo, Cocoapods, Chef Chrome apps, PHP Composer and composer.lock, Conda, CPAN, Debian, Apple dmg, Java EAR, WAR, JAR, FreeBSD packages, Rubygems gemspec, Gemfile and Gemfile.lock, Go modules, Haxe packages, InstallShield installers, iOS apps, ISO images, Apache IVY, JBoss Sar, R CRAN, Apache Maven, Meteor, Mozilla extensions, MSI installers, JavaScript npm packages, package-lock.json, yarn.lock, NSIS Installers, NugGet, OPam, Cocoapods, Python PyPI setup.py, setup.cfg, and several related lockfile formats, semi structured README files such as README.android, README.chromium, README.facebook, README.google, README.thirdparty, RPMs, Shell Archives, Squashfs images, Java WAR, Windows executables and the Windows registry and a few more.

See our roadmap for upcoming features.

Documentation

The ScanCode documentation is hosted at scancode-toolkit.readthedocs.io.

If you are new to Scancode, start with our newcomer page.

If you want to compare output changes between different versions of Scancode, or want to look at scans generated by Scancode, review our reference scans.

Other Important Documentation Pages:

See also https://aboutcode.org for related companion projects and tools.

Installation

Before installing ScanCode make sure that you have installed the prerequisites properly. This means installing Python 3.8 for x86/64 architectures. We support Python 3.8, 3.9 and 3.10.

See prerequisites for detailed information on the support platforms and Python versions.

There are a few common ways to install ScanCode.

Quick Start

Note the commands variation across installation methods and platforms.

You can run an example scan printed on screen as JSON:

./scancode -clip --json-pp - samples

Follow the How to Run a Scan tutorial to perform a basic scan on the samples directory distributed by default with Scancode.

See more command examples:

./scancode --examples

See How to select what will be detected in a scan and How to specify the output format for more information.

You can also refer to the command line options synopsis and an exhaustive list of all available command line options.

Archive extraction

By default ScanCode does not extract files from tarballs, zip files, and other archives as part of the scan. The archives that exist in a codebase must be extracted before running a scan: extractcode is a bundled utility behaving as a mostly-universal archive extractor. For example, this command will recursively extract the mytar.tar.bz2 tarball in the mytar.tar.bz2-extract directory:

./extractcode mytar.tar.bz2

See all extractcode options and how to extract archives for details.

Support

If you have a problem, a suggestion or found a bug, please enter a ticket at: https://github.com/nexB/scancode-toolkit/issues

For discussions and chats, we have:

  • an official Gitter channel for web-based chats. Gitter is also accessible via an IRC bridge. There are other AboutCode project-specific channels available there too.

  • an official #aboutcode IRC channel on liberachat (server web.libera.chat). This channel receives build and commit notifications and can be noisy. You can use your favorite IRC client or use the web chat.

Source code and downloads

License

  • Apache-2.0 as the overall license

  • CC-BY-4.0 for reference datasets (initially was in the Public Domain).

  • Multiple other secondary permissive or copyleft licenses (LGPL, MIT, BSD, GPL 2/3, etc.) for third-party components and test suite code and data.

See the NOTICE file and the .ABOUT files that document the origin and license of the third-party code used in ScanCode for more details.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scancode-toolkit-31.2.5.tar.gz (15.9 MB view details)

Uploaded Source

Built Distributions

scancode_toolkit-31.2.5-cp310-none-any.whl (103.8 MB view details)

Uploaded CPython 3.10

scancode_toolkit-31.2.5-cp39-none-any.whl (103.8 MB view details)

Uploaded CPython 3.9

scancode_toolkit-31.2.5-cp38-none-any.whl (103.8 MB view details)

Uploaded CPython 3.8

File details

Details for the file scancode-toolkit-31.2.5.tar.gz.

File metadata

  • Download URL: scancode-toolkit-31.2.5.tar.gz
  • Upload date:
  • Size: 15.9 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for scancode-toolkit-31.2.5.tar.gz
Algorithm Hash digest
SHA256 bb1f71c56355098aa7a01b96b3b114a5137bf62279e486d55027fc4099f10c4f
MD5 5ad1a44f559724dbdb5245990c00f697
BLAKE2b-256 96349a4fd6f7b6fedc40e605a67df61ed4f761494131e5dbf65d13e010ff03ae

See more details on using hashes here.

File details

Details for the file scancode_toolkit-31.2.5-cp310-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-31.2.5-cp310-none-any.whl
Algorithm Hash digest
SHA256 b5e3b03ed0394fbf67aaae117e7e45b0e5f8dfa997143721b74282b87b02061a
MD5 fd1720700432ba8b6698df3bc58017a6
BLAKE2b-256 749f6c8d720035ef8154f2b6c8e65230d22a15d583f94ccc6258ad8604fe2c9f

See more details on using hashes here.

File details

Details for the file scancode_toolkit-31.2.5-cp39-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-31.2.5-cp39-none-any.whl
Algorithm Hash digest
SHA256 cfc0e6fd485433c3c4b0929b658ab71fa142765713568f45f92a9fb6158241b1
MD5 a953150b3f54b2f1dc9869ad06d14d0a
BLAKE2b-256 6983ba899642f156438316765f3399bcad1220b96481f7fc637041259c50c45f

See more details on using hashes here.

File details

Details for the file scancode_toolkit-31.2.5-cp38-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit-31.2.5-cp38-none-any.whl
Algorithm Hash digest
SHA256 1dd14694e98a49d241a9c34902192ec5afe738249bac364be063ed35dcbc47cd
MD5 15e1c15fd6cc66d1c296c53c0c532447
BLAKE2b-256 804224b940a01f05797f16c7fc211e737a31c6d01eb16cb31669a8d0014e1f24

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page