76 projects
vulnerablecode
VulnerableCode is a free and open database of open source software package vulnerabilities because open source software vulnerabilities data and tools should be free and open source themselves.
scancodeio
Automate software composition analysis pipelines
go-inspector
go-inspector is a scancode plugin to extract symbols and dependencies found in Go binaries.
extractcode-7z-system-provided
A ScanCode path provider plugin to provide a system package provided sevenzip binary.
extractcode-libarchive-system-provided
A ScanCode path provider plugin to provide a system package provided libarchive shared library.
typecode-libmagic-system-provided
A ScanCode path provider plugin to provide a system package provided libmagic binary and database.
license-expression
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
intbitset
C-based extension implementing fast integer bit sets.
packageurl-python
A purl aka. Package URL parser and builder
scancode-toolkit-mini
ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts. scancode-toolkit-mini is a special build that does not come with pre-built binary dependencies by default. These are instead installed separately or with the extra_requires scancode-toolkit-mini[full]
scancode-toolkit
ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts.
spdx-tools
SPDX parser and tools.
android-inspector
A collection of ScanCode.io pipelines dedicated to Android APK analysis.
fetchcode
fetchcode is a library to reliably fetch code via HTTP, FTP and version control systems.
aboutcode.hashid
A library for aboutcode hash-based identifiers for VCID, and PURLs
commoncode
Set of common utilities, originally split from ScanCode
pygmars
Craft simple regex-based small language lexers and parsers. Build parsers from grammars and accept Pygments lexers as an input. Derived from NLTK.
scorecode
A package to fetch data from OpenSSF Scorecard API
gemfileparser2
Parse Ruby Gemfile, .gemspec and Cocoapod .podspec files using Python.
univers
A mostly universal library to parse and compare software package versions and version ranges. A companion to Package URLs.
purl2vcs
purl2vcs is an add-on library working with the PurlDB to find the version control system (VCS) URL of a package and detect the commit, tags and path for a given version.
saneyaml
Read and write readable YAML safely preserving order and avoiding bad surprises with unwanted inferred type conversions. This library is a PyYaml wrapper with sane behaviour to read and write readable YAML safely, typically when used for configuration.
source-inspector
source-inspector
aboutcode.pipeline
AboutCode Pipeline library. Execute code in steps.
python-inspector
python-inspector is a collection of utilities to collect PyPI package metadata and resolve package dependencies.
typecode
Comprehensive filetype and mimetype detection using libmagic and Pygments.
cwe2
cwe2 is a CWE common weakness enumeration library for Python
aboutcode-toolkit
AboutCode-toolkit is a tool to document the provenance (origin and license) of third-party software using small text files. Collect inventories and generate attribution documentation.
container-inspector
Docker, containers, rootfs and virtual machine related software composition analysis (SCA) utilities.
licensedcode-index
A packaging of the ScanCode licensedb license and license rules pre-built index. Can only be used with ScanCode-Toolkit.
licensedcode-data
A packaging of the ScanCode licensedb license and license rules database.
pyahocorasick
pyahocorasick is a fast and memory efficient library for exact or approximate multi-pattern string search. With the ``ahocorasick.Automaton`` class, you can find multiple key string occurrences at once in some input text. You can use it as a plain dict-like Trie or convert a Trie to an automaton for efficient Aho-Corasick search. And pickle to disk for easy reuse of large automatons. Implemented in C and tested on Python 3.6+. Works on Linux, macOS and Windows. BSD-3-Clause license.
pymaven-patch
Python access to maven. nexB advanced patch.
purldb-toolkit
A toolkit and library to use the PurlDB and its API
debian-inspector
Utilities to parse Debian package, copyright and control files.
flot
Flot is a simple tool to easily build multiple packages (wheel and sdist) from a single repo without having to create a subdir or another repo for each package, and by simply listing which files to include.
dejacode
Automate open source license compliance and ensure supply chain integrity
elf-inspector
A utility to inspect ELF binary files. Designed as a ScanCode plugin.
plugincode
plugincode is a library that provides plugin functionality for ScanCode toolkit.
tracecode-toolkit-strace
TraceCode toolkit "strace" is a dynamic build tracer and grapher
dparse2
A parser for Python dependency files
packvers
Core utilities for Python packages. Fork to support LegacyVersion
packaging2
Core utilities for Python packages. Fork to support LegacyVersion
pip-requirements-parser
pip requirements parser - a mostly correct pip requirements parsing library because it uses pip's own code.
packagedb
A purl (Package URL) Database
extractcode
A mostly universal archive extractor using 7zip, libarchive and the Python standard library for reliable archive extraction.
boolean.py
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
parameter-expansion-patched
Shell parameter expansion in Python. Patched by co-maintainer for a PyPI release.
cabarchive
A pure-python library for creating and extracting cab files
pkginfo2
Query metadata from sdists / bdists / installed packages. Safer fork of pkginfo to avoid doing arbitrary imports and eval()
regipy2
Python Registry Parser2 - This is a temporary advanced patched package, with relaxed dependency constraints. It is there only until upstream is updated. See https://github.com/nexB/regipy/ and https://github.com/mkorman90/regipy/pull/200
reppy2
Replacement robots.txt Parser in pure Python
compiledcode
A ScanCode scan plugin to get lkmclue, dwarf, gwt, cpp includes, code/comments lines generated code and elf info.
scancodeio-glc-plugin
Google Licenseclassifier pipeline for ScanCode.io
parameter-expansion
POSIX parameter expansion in Python
typecode-libmagic
A ScanCode path provider plugin to provide a prebuilt native libmagic binary and database.
extractcode-libarchive
A ScanCode path provider plugin to provide a prebuilt native libarchive binary.
extractcode-7z
A ScanCode path provider plugin to provide a prebuilt native sevenzip binary.
fetchcode-container
A ScanCode path provider plugin to provide a prebuilt native skopeo binary built from sources that are bundled in the repo and sdist.
scancode-analyzer
A scancode-toolkit plugin to analyze scan results for License Detection Issues
rpm-inspector-rpm
A ScanCode path provider plugin to provide a prebuilt native rpm binary built with many rpm backend database formats supported. The rpm binary is built from sources that are bundled in the repo and sdist.
textcode-pdf2text
A ScanCode path provider plugin to provide a prebuilt native libmagic binary and database.
typecode-libmagic-from-sources
A ScanCode path provider plugin to provide a prebuilt native libmagic binary and database. libmagic is built from sources that are bundled in the repo and sdist
debut
Utilities to parse Debian package, copyright and control files.
github-release-retry2
A tool for creating GitHub Releases and uploading assets reliably. Temp fork with patch for https://github.com/google/github-release-retry/pull/6
gemfileparser
Parse Ruby Gemfile, .gemspec and Cocoapod .podspec files using Python.
urlpy
Simple URL parsing, canonicalization and equivalence.
publicsuffix2
Get a public suffix for a domain name using the Public Suffix List. Forked from and using the same API as the publicsuffix package.
schematics-patched
A patched version of schematics 1.1.1 that can pickle with multiprocessing
purl-python
A "purl" aka. package URL parser and builder. [deprecated name: use instead packageurl-python at https://pypi.python.org/pypi/packageurl-python ]
certbot-pinned
certbot metapackage with pinned dependency versions
django-pluggables
A design pattern for Django that allows you to build "Pluggable" Reusable Applications
django-guardian-on-wheels
Implementation of per object permissions for Django. Minor fork to get wheels in Pypi
AboutCode
Document the provenance (origin and license) of third-party software using small text files. Collect inventories, generate attribution documentation.
anyreadline
Install the proper readline package implementation as needed for your OS: Mac, Windows or Linux
buildout-offline
A buildout offline extension to run a buildout offline consistently with no network connection