AboutCode is a family of FOSS projects that helps uncover important information about software:
- Origin and package information
- Licensing and copyright details
- Vulnerability status and maintenance
- Dependency relationships and potential issues
Our mission is to make software provenance transparent so everyone can safely reuse open source components.
Note: This repository contains project information. For code repositories, see the Projects section below or visit our wiki to get involved.
- Homepage: aboutcode.org
- Documentation: aboutcode.readthedocs.io
- Community Chat:
- Weekly Meetings: Meeting Minutes
- ScanCode Toolkit - Code scanning for origins and licenses (Lead: @pombredanne)
- ScanCode.io - Web-based scanning pipelines (Lead: @tdruez)
- VulnerableCode - Vulnerability database (Maintainers: @tg1999, @pombredanne)
- AboutCode Toolkit - Code provenance documentation (Lead: @chinyeungli)
- univers - Package version comparison
- purlDB - Package URL database (Maintainer: @jyang)
- FetchCode - Reliable code fetching
- container-inspector - Docker image analysis
- python-inspector - Python dependency resolution
- nuget-inspector - NuGet dependency resolution
- TraceCode Toolkit - File origin tracing
- license-expression - SPDX license expression parsing
We contribute to these important standards:
- Package URL - Software package reference standard
- SPDX - Software provenance specification
- CycloneDX - Software Bill of Materials standard
- ClearlyDefined - License clarity project
Licensed under Apache 2.0