Skip to main content

Automate software composition analysis pipelines

Project description

ScanCode.io provides a Web UI and API to run and review complex scans in rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc, to get information on licenses, copyrights, sources, and vulnerabilities.

Why Use ScanCode.io?

ScanCode.io provides an easy-to-use front-end to ScanCode Toolkit and other AboutCode projects.The flexible pipeline technology supports advanced scanning tasks such as container scanning and deploy-to-develop analysis. You can run ScanCode.io in a Docker container or install it on a Linux server. It provides full support for generating and consuming CycloneDX and SPDX SBOMs.

Getting Started

Instructions to get you up and running on your local machine are at Getting Started

The ScanCode.io documentation also provides:

  • prerequisites for installing the software.

  • instructions guiding you to start scanning code.

  • tutorials that provide hands-on guidance to ScanCode features.

  • how to customize your own pipelines.

  • how to use a GitHub action to run ScanCode.io pipelines from your GitHub Workflows.

  • references explaining integration with other AboutCode projects.

  • guidelines for contributing to code development.

If you have questions that are not covered by our documentation, please ask them in Discussions.

Contributing

Thank you for your interest in contributing to AboutCode projects. Please read the following guidelines carefully before getting started.

Build and tests status

Tests

Documentation

CI Tests Status

Documentation Build Status

License

SPDX-License-Identifier: Apache-2.0

The ScanCode.io software is licensed under the Apache License version 2.0. Data generated with ScanCode.io is provided as-is without warranties. ScanCode is a trademark of nexB Inc.

You may not use this software except in compliance with the License. You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Data Generated with ScanCode.io is provided on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. No content created from ScanCode.io should be considered or used as legal advice. Consult an Attorney for any legal advice.

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

  • Generous support and contributions from users like you!

  • the European Commission NGI programme

  • the NLnet Foundation

  • the Swiss State Secretariat for Education, Research and Innovation (SERI)

  • Google, including the Google Summer of Code and the Google Seasons of Doc programmes

  • Mercedes-Benz Group

  • Microsoft and Microsoft Azure

  • AboutCode ASBL

  • nexB Inc.

Europa logo EC DG Connect logo

NGI logo NLnet foundation logo

AboutCode logo nexB logo

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

NGI Discovery logo https://nlnet.nl/project/vulnerabilitydatabase/

This project is funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/FederatedSoftwareMetadata/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

NGI Zero Commons Logo Swiss logo https://nlnet.nl/project/FederatedCodeNext/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/Back2source/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/Back2source-next/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/FastScan/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

NGI Zero Commons Logo Swiss logo https://nlnet.nl/project/MassiveFOSSscan/

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.

NGI Assure logo https://nlnet.nl/project/FOSS-supplychain/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/FOSS-supplychain-II/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/purl2all/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/purl2sym/

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scancodeio-37.2.0.tar.gz (22.4 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

scancodeio-37.2.0-py3-none-any.whl (22.8 MB view details)

Uploaded Python 3

File details

Details for the file scancodeio-37.2.0.tar.gz.

File metadata

  • Download URL: scancodeio-37.2.0.tar.gz
  • Upload date:
  • Size: 22.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for scancodeio-37.2.0.tar.gz
Algorithm Hash digest
SHA256 c2555cb8a019e52077a538c22be5741bfac4f0bc31ef0b361952d1fbf83cdfa0
MD5 2f9565753fab5bea35cf5c0400ead041
BLAKE2b-256 1242f6d33d1789c33b1642fff684b2376e5656f989e99b04a5eb006db313bd75

See more details on using hashes here.

Provenance

The following attestation bundles were made for scancodeio-37.2.0.tar.gz:

Publisher: publish-pypi-release.yml on aboutcode-org/scancode.io

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file scancodeio-37.2.0-py3-none-any.whl.

File metadata

  • Download URL: scancodeio-37.2.0-py3-none-any.whl
  • Upload date:
  • Size: 22.8 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for scancodeio-37.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6a5531f0b1427f05602e89d6cb98521fcdd395594a7e923afe0d3ce47a3914ef
MD5 c23c627ed708c9458512d607be7e9d82
BLAKE2b-256 4b033cbab4543d8fcf96100831842b253cba09852ef45bd4a547807807e3896a

See more details on using hashes here.

Provenance

The following attestation bundles were made for scancodeio-37.2.0-py3-none-any.whl:

Publisher: publish-pypi-release.yml on aboutcode-org/scancode.io

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page