Software Composition Analysis

Track all components, ensure compliance.

DejaCode is a complete enterprise-level application to automate open source license compliance and ensure software supply chain integrity, powered by ScanCode, the industry-leading code scanner.

Enterprise-wide compliance, automated with DejaCode.

Run scans and track all the open source and third-party products and components used in your software.

Apply usage policies at the license or component level, and integrate into ScanCode to ensure compliance.

Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.

DejaCode is your system of record for SBOMs.

Managing open source components – especially their licensing and provenance – is a critical part of the Software Composition Analysis (SCA) process. SCA is now a pre-requisite for modern organizations to comply with mandated Software Bill of Materials (SBOM) and other regulations.

Automating FOSS compliance with DejaCode is essential to ensure software supply chain integrity.

Scan a software package, simply by providing its Download URL, to get comprehensive details of its composition and create an SBOM.

Load software package data into DejaCode with the integration for the open source and ScanCode Toolkit projects to create a product’s SBOM.

Track and report vulnerability tracking and reporting by integrating with the open source VulnerableCode project.

Create, publish and share SBOM documents in DejaCode, including detailed attribution documentation and custom reports in multiple file formats and standards, such as CycloneDX and SPDX.

Export and share scan results in your preferred format

Scan your code

Run scans for open source and third-party components and packages with ScanCode, the industry-leading code scanner.

 Identify licenses, copyrights, dependencies and other origin clues directly from your codebase:

  • Use detailed metadata in each DejaCode license definition to help users understand license permissions, obligations, and restrictions.

 Support all programming languages and environments.

 Update license detection with data – no programming required.

Run ScanCode Toolkit directly from the command line or automate SCA with

Enforce usage policies

Set policies with explanatory text and links to related documentation:

  • Use standard policies including Approved, Requires Review, and Prohibited
  • Customize policies based on your organization’s needs and legal requirements

Assign usage policies to licenses:

  • Expedite initial assignments with license categories and mass update features
  • Automate assigning usage policies to components and packages, based on associated license assignments.

 Define the alert level (Error, Warning, None) for each usage policy, with icons for quick reference.

Define your organization's licensing policies for third-party components

Choose your own icons and colors for visual clarity of usage policies

View details of relevant packages

View breakdowns of the different components used in your software

Know what's in your software

Track the components used in your products:

  • Organize scanning projects with persistent scan data, backed by a database
  • Build your product inventory from DejaCode components and packages
  • Leverage the details and history of previous versions to compare new versions of your products
  • Identify inventory items that require a license review

Use DejaCode as the dashboard for current policies and historical actions with your teams.

Run standard or custom reports to analyze product details.

Export the results to your preferred formats for distribution.

Ensure open source compliance

Generate FOSS compliance artifacts, including:

  • Software Bill of Materials (SBOM)
  • Inventory of components and licenses used across products
  • Attribution notice to include with your product

Keep audit trail of compliance activities and data including historical data from scans.

Organize compliance activities with:

  • Business-friendly and easy-to-use GUI
  • Traditional spreadsheets
  • Developer-friendly REST API or CLI

Focus on policy alerts to reduce compliance risk

Unlimited products, components, and packages, with DejaCode.

We make it simple for organizations to automate and ensure FOSS compliance.

Each DejaCode plan allows for an unlimited number of products, components, and packages to be included. Pricing is the same for SaaS and On-premises, and based on an annual subscription paid at the start of your subscription period.

The plans below are our standard pricing, and can be configured based on your organization’s specific requirements. Need more than 100 users? Advanced implementation services? Advisory-style support? Contact us for additional pricing. 


$ 700 monthly
  • 5 to 25 Users
  • Unlimited products
  • Technical training
  • Web and Email support


$ 1400 monthly
  • 26 to 50 Users
  • Unlimited products
  • Technical training
  • Web and Email support


$ 2800 monthly
  • 51 to 100 Users
  • Unlimited products
  • Technical training
  • Web and Email support

Ensuring software license compliance can be difficult.

We can help.

Ready to start scanning your code?

Need to automate FOSS compliance?