scancodeio 36.1.0

Automate software composition analysis pipelines

ScanCode.io provides a Web UI and API to run and review complex scans in rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc, to get information on licenses, copyrights, sources, and vulnerabilities.

Why Use ScanCode.io?

ScanCode.io provides an easy-to-use front-end to ScanCode Toolkit and other AboutCode projects.The flexible pipeline technology supports advanced scanning tasks such as container scanning and deploy-to-develop analysis. You can run ScanCode.io in a Docker container or install it on a Linux server. It provides full support for generating and consuming CycloneDX and SPDX SBOMs.

Getting Started

Instructions to get you up and running on your local machine are at Getting Started

The ScanCode.io documentation also provides:

• prerequisites for installing the software.

• instructions guiding you to start scanning code.

• tutorials that provide hands-on guidance to ScanCode features.

• how to customize your own pipelines.

• how to use a GitHub action to run ScanCode.io pipelines from your GitHub Workflows.

• references explaining integration with other AboutCode projects.

• guidelines for contributing to code development.

If you have questions that are not covered by our documentation, please ask them in Discussions.

Build and tests status

Tests	Documentation

License

SPDX-License-Identifier: Apache-2.0

The ScanCode.io software is licensed under the Apache License version 2.0. Data generated with ScanCode.io is provided as-is without warranties. ScanCode is a trademark of nexB Inc.

You may not use this software except in compliance with the License. You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Data Generated with ScanCode.io is provided on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. No content created from ScanCode.io should be considered or used as legal advice. Consult an Attorney for any legal advice.

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

• Generous support and contributions from users like you!

• the European Commission NGI programme

• the NLnet Foundation

• the Swiss State Secretariat for Education, Research and Innovation (SERI)

• Google, including the Google Summer of Code and the Google Seasons of Doc programmes

• Mercedes-Benz Group

• Microsoft and Microsoft Azure

• AboutCode ASBL

• nexB Inc.

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

https://nlnet.nl/project/vulnerabilitydatabase/

This project is funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/FederatedSoftwareMetadata/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

https://nlnet.nl/project/FederatedCodeNext/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/Back2source/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

https://nlnet.nl/project/Back2source-next/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

https://nlnet.nl/project/FastScan/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

https://nlnet.nl/project/MassiveFOSSscan/

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.

https://nlnet.nl/project/FOSS-supplychain/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/FOSS-supplychain-II/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/purl2all/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/purl2sym/