Scan your code

Find open source with open source, with ScanCode.

ScanCode is the most effective and efficient open source tool for Software Composition Analysis (SCA), used and trusted by the Linux kernel maintainers as a code scanning engine.

Add ScanCode Toolkit to your workflow directly or connect ScanCode.io with comprehensive APIs.

Scan your code

Find open source with open source, with ScanCode.

ScanCode is the most effective and efficient open source tool for Software Composition Analysis (SCA), used and trusted by the Linux kernel maintainers as a code scanning engine.

Add ScanCode Toolkit to your workflow directly or connect ScanCode.io with comprehensive APIs.

ScanCode Toolkit is the industry-leading code scanner.

 Identify licenses, copyrights, dependencies and other origin clues directly from your codebase.

 Support all programming languages and environments.

 Update license detection with data – no programming required.

Run ScanCode Toolkit from the command line or automate SCA with ScanCode.io.

Automate SCA with ScanCode.io

ScanCode.io

Define a project to analyze your own code
and third-party code components

Specify a workflow to optimize the scanning and expected results

 Powered by ScanCode Toolkit and 100% open source under Apache 2.0 and other business-friendly licenses

Analyze a complete virtual machine image, or a specific single application package with customizable pipelines

Integrate into DevOps workflows with comprehensive APIs

Get the scan data you need to generate SBOMs

Support all programming languages and environments

Integrate with your DevOps workflows

ScanCode scan_package

Use standard pipelines or customize and create your own

  Run ScanCode.io on Docker or a server with unlimited deployment

Create your own pipelines or use existing pipelines:

  • Docker images (even Windows)
  • Any codebase
  • Linux root filesystem
  • Packages

Trigger scanning pipelines on your code with API calls

Get the scan data you need

Pie charts showing codebase resources

View details of relevant packages

View breakdowns of the different components used in your software

Organize scanning projects with persistent scan data, backed by a database

 Access through a business-friendly web UI or spreadsheets, and a developer-friendly REST API or command-line interface

 Generate an inventory of components and licenses used for compliance, including Software Bill of Materials (SBOMs)

AboutCode is a community that builds critical open source SCA tools, including ScanCode.

scancode-licensedb is a data repository of over 1700 licenses detected by ScanCode

package-url is the emerging standard for identifying software packages

container-inspector is a suite of analysis tools for Docker images, OCI images and Dockerfiles

license_expression is a utility to parse, normalize and compare license expressions (SPDX)

Find open source with open source, with ScanCode.

ScanCode is the industry-leading code scanning engine, used and trusted by 4 out of the 5 Big Tech companies:

Identify any open source components and their license compliance data in an application codebase.

Generate an inventory of components and their licenses to use as the baseline for your FOSS compliance process.

 100% open source under Apache 2.0 and other business-friendly licenses with support for all programming languages and environments.

To use ScanCode, either download ScanCode Toolkit and add it to your workflow directly or run ScanCode.io to automate the SCA process with comprehensive APIs, and specific (and customizable) pipelines.

Scan your codebase directly from the CLI.

Or automate software composition analysis.