nexB Icon

We believe that good open source tools help you use open source.

Our mission is to make open source software safer and easier for everyone to use, with open source tools for open source SCA.

AboutCode is our community of critical open source tools for open source SCA – including ScanCode, VulnerableCode, DejaCode, and many other open tools and open data – to automate open source compliance and ensure software supply chain security.

nexB provides commercial support and services for the AboutCode stack to organizations of all sizes. This helps the AboutCode maintainers continue their mission.

Open source compliance is a requirement for every organization.​

Modern software products and systems are composed of up to 80% open source components. Software development teams face tremendous challenges tracking all open source and third-party components, including dependencies and compliance obligations – legacy spreadsheets can longer manage the high volume and rate of change.

Managing open source components – especially their licensing and provenance – is a critical part of the Software Composition Analysis (SCA) process. SCA is now a pre-requisite for modern organizations to comply with mandated Software Bill of Materials (SBOM) and other regulations. Automating FOSS compliance is essential to ensure software supply chain integrity.

Organizations of all sizes choose the open source AboutCode stack for compliance automation and nexB for our open source expertise.

The AboutCode Stack is 100% open source and uses 100% open data.

Ensure open compliance.

Improve software supply chain security.

AboutCode makes open source safer and easier to use by building modular, best-in-class open source tools, data, and standards for Software Composition Analysis (SCA).

The AboutCode stack is optimized for the practical management of open source software for licensing and vulnerability risks to ensure open source compliance, and strengthen software supply chain security and integrity for organizations of all sizes.

Track all components – both open source and third-party.

Identify vulnerabilities across data sources.

 Automate compliance with organization-wide usage policies.

 Ensure software supply chain integrity with SBOMs.

Find open source with open source, with ScanCode.

Scan your codebase directly from the CLI.

Or automate SCA.

Discover open source components in your software with ScanCode, the leading open source code scanning engine, used and trusted by 4 of the 5 Big Tech companies:

Identify any open source components and their license compliance data in an application codebase.

Generate an inventory of components and their licenses to use as the baseline for your FOSS compliance process.

 100% open source under Apache 2.0 and other business-friendly licenses with support for all programming languages and environments.

Either download ScanCode Toolkit and add it to your workflow directly or run ScanCode.io to automate the SCA process with comprehensive APIs and specific, customizable pipelines.

Find FOSS vulnerabilities across data sources, with VulnerableCode.

And improve FOSS security in modern applications.

The explosion of FOSS usage across industries requires a new approach to efficiently identify FOSS security vulnerabilities – one based on open data and FOSS tools, not proprietary and privately maintained databases built for proprietary software components.

VulnerableCode is a FOSS tool to automate search for FOSS security vulnerabilities, utilizing a free and open database of FOSS package vulnerabilities.

By collecting and parsing data from many sources, identifying packages with a standardized package-url, and accessing the data through a REST API, VulnerableCode addresses key security concerns for using FOSS code in modern applications.

Ensure enterprise-wide compliance, automated with DejaCode.

Track all components.

DejaCode is your system of record for SBOMs.

DejaCode is the complete enterprise-level open source license compliance application, powered by ScanCode:

Run scans and track all the open source and third-party products and components used in your software.

Define usage policies at the license or component level, and integrate into ScanCode to ensure compliance.

Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.

Run the complete AboutCode stack, on-premises.

✔ Receive ongoing support for software composition analysis and open source compliance software and processes.

✔ Resolve problems and bugs with service level agreements to maintain production use.

✔ Pull up-to-date data feeds for production use.

Get questions answered by the experts, in private channels.

✔ Gain direct access to the maintainers for insights and advice on securing software supply chains with FOSS and controlling risks and costs, via email, live chat, voice, and video.

✔ Get explicit guidance on installation, upgrades, and backups; and how to use particular features.

✔ Your support supports the maintainers to ensure that your OPSO and supply chain process investments are safely backed by best-in-class tools that are sustained and maintained.

Need AboutCode services beyond support?

Consulting services

nexB’s experts can join your implementation project to ensure successful deployment of the AboutCode stack and secure your software supply chain.

Accelerate new feature development and enhancements from the public roadmap.

AboutCode as a Service

Get started with the AboutCode stack without hosting or infrastructure headaches, with AboutCode SaaS.

Or we can run, operate, and maintain the AboutCode stack – or select components – on your infrastructure or cloud.

Open source audits

Comprehensive Software Composition Analysis (SCA) audits include a full-service approach for acquisition or investment due diligence.

nexB has analyzed millions of lines of code with over 15 years of experience.

To understand what's in their software, companies of all sizes use nexB.