At nexB, we have been creating, contributing to and using free and open source software from the start. We contribute back to projects that we use, and we sponsor our own open source projects for software provenance analysis (ScanCode) and open source attribution compliance (AboutCode). We think that it is particularly important that there be good open source tools that help you use open source including compliance with license obligations.
Discovering the license for a free and open source code is important, but it should not be as hard as it seems today. ScanCode is a new open source scanning solution to accurately identify the license(s) of the code you want to consume.
With ScanCode, a development team can start scanning code on their own! You can now focus on whether the license is OK for your organization and if the code works for your projected use. These are the important questions. To learn more or to contribute, visit our scancode-toolkit project on GitHub.
AboutCode helps you automate compliance with open source license obligations throughout the software development lifecycle. AboutCode provides a simple way to document the provenance (origin and license) of open source and third-party software components that you use and enables you to automate creation of attribution notices and redistribution packages.
An ABOUT file is a small text file stored in the codebase side-by-side with the software component file or archive that it documents. To learn more or to contribute, visit our project on GitHub or visit our AboutCode.org website.
TraceCode helps you determine which components are actually distributed or deployed for your product. This is essential information for determining your open source license obligations because many are only triggered by distribution or deployment.
TraceCode is a tool to analyze the traced execution of a build, so you can learn which files are built into binaries and ultimately deployed in your distributed software.