Scancode-toolkit

A typical software project often reuses hundreds of third-party packages. License, package, dependency and origin information is not always easy to find and is not normalized: ScanCode discovers and normalizes this data for you. You can scan containers, binaries, source archives, code snippets/files or any code repository, or their dependencies, and look for software licensing issues, vulnerabilities, community health metrics, origin, and other similar/matching FOSS code. This is available as a CLI tool, a Python library, a webapp with Docker/k8s, or a GitHub action. Along with our FOSS projects to scan code, we also release open data to use with the tools and provide instances of these tools/APIs for public use.

github.com/aboutcode-org/scancode-toolkit
aboutcode.org/scancode/

scancode.io

A typical software project often reuses hundreds of third-party packages. License, package, dependency and origin information is not always easy to find and is not normalized: ScanCode discovers and normalizes this data for you. You can scan containers, binaries, source archives, code snippets/files or any code repository, or their dependencies, and look for software licensing issues, vulnerabilities, community health metrics, origin, and other similar/matching FOSS code. This is available as a CLI tool, a Python library, a webapp with Docker/k8s, or a GitHub action. Along with our FOSS projects to scan code, we also release open data to use with the tools and provide instances of these tools/APIs for public use.

github.com/aboutcode-org/scancode.io
scancodeio.readthedocs.io/