✔ Identify licenses, copyrights, dependencies and other origin clues directly from your codebase.
✔ Support all programming languages and environments.
✔ Update license detection with data – no programming required.
Define a project to analyze
your own code
and third-party code components
Specify a workflow to optimize the scanning and expected results
✔ Powered by ScanCode Toolkit and 100% open source under Apache 2.0 and other business-friendly licenses
✔ Analyze a complete virtual machine image, or a specific single application package with customizable pipelines
✔ Integrate into DevOps workflows with comprehensive APIs
✔ Get the scan data you need to generate SBOMs
✔ Support all programming languages and environments
✔ Run ScanCode.io on Docker or a server with unlimited deployment
✔ Create your own pipelines or use existing pipelines:
✔ Trigger scanning pipelines on your code with API calls
Use standard pipelines or customize and create your own
View details of relevant packages
✔ Organize scanning projects with persistent scan data, backed by a database
✔ Access through a business-friendly web UI or spreadsheets, and a developer-friendly REST API or command-line interface
✔ Generate an inventory of components and licenses used for compliance, including Software Bill of Materials (SBOMs)
✔ scancode-licensedb is a data repository of over 1700 licenses detected by ScanCode
✔ package-url is the emerging standard for identifying software packages
✔ container-inspector is a suite of analysis tools for Docker images, OCI images and Dockerfiles
✔ license_expression is a utility to parse, normalize and compare license expressions (SPDX)
ScanCode is the industry-leading code scanning engine, used and trusted by 4 out of the 5 Big Tech companies:
✔ Identify any open source components and their license compliance data in an application codebase.
✔ Generate an inventory of components and their licenses to use as the baseline for your FOSS compliance process.
✔ 100% open source under Apache 2.0 and other business-friendly licenses with support for all programming languages and environments.
To use ScanCode, either download ScanCode Toolkit and add it to your workflow directly or run ScanCode.io to automate the SCA process with comprehensive APIs, and specific (and customizable) pipelines.
DejaCode is the complete enterprise-level open source license compliance application, powered by ScanCode:
✔ Run scans and track all the open source and third-party products and components used in your software.
✔ Define usage policies at the license or component level, and integrate into ScanCode to ensure compliance.
✔ Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.
✔ Manage organizational complexity with enterprise-grade features and integrations for DevOps and software systems.
Ready to start scanning your code?
Need to automate FOSS compliance?