Know what's in your software. Ensure open source compliance.

Find open source and third-party components and vulnerabilities with ScanCode, VulnerableCode, and other AboutCode tools, automate open source compliance with DejaCode, and leverage nexB’s expertise with SCA services.

Open source compliance is a requirement for every organization.

Modern software products and systems are composed of up to 80% open source components. Software development teams face tremendous challenges tracking all open source and third-party components, including dependencies and compliance obligations: legacy spreadsheets can no longer manage the high volume and rate of change.

Managing open source components, especially their licensing and provenance, is a critical part of the Software Composition Analysis (SCA) process. SCA is now a prerequisite for modern organizations to comply with mandated Software Bill of Materials (SBOM) and other regulations. Automating FOSS compliance is essential to ensure software supply chain integrity.

Companies of all sizes choose ScanCode, VulnerableCode and other AboutCode tools for open source SCA tooling, DejaCode for compliance automation, and nexB for open source expertise.

Find open source with open source, with ScanCode.

Scan your codebase directly from the CLI.

Or automate SCA.

Discover open source components in your software with ScanCode, the leading open source code scanning engine, used and trusted by 4 of the 5 Big Tech companies:

Identify any open source components and their license compliance data in an application codebase.

Generate an inventory of components and their licenses to use as the baseline for your FOSS compliance process.

100% open source under Apache 2.0 and other business-friendly licenses, with support for all programming languages and environments.

Either download ScanCode Toolkit and add it to your workflow directly or run ScanCode.io to automate the SCA process with comprehensive APIs and specific, customizable pipelines.

Find FOSS vulnerabilities across data sources, with VulnerableCode.

And improve FOSS security in modern applications.

The explosion of FOSS usage across industries requires a new approach to efficiently identify FOSS security vulnerabilities – one based on open data and FOSS tools, not proprietary and privately maintained databases built for proprietary software components.

VulnerableCode is a FOSS tool that automates the search for FOSS security vulnerabilities, using a free and open database of FOSS package vulnerabilities.

By collecting and parsing data from many sources, identifying packages with a standardized package-url, and accessing the data through a REST API, VulnerableCode addresses key security concerns for using FOSS code in modern applications.

AboutCode is a community that builds critical open source SCA tools.

scancode-licensedb is a data repository of over 1700 licenses detected by ScanCode

package-url is the emerging standard for identifying software packages

container-inspector is a suite of analysis tools for Docker images, OCI images and Dockerfiles

license_expression is a utility to parse, normalize and compare SPDX license expressions
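The package-url identifier that VulnerableCode and the other AboutCode tools use to name packages has a fixed grammar (`pkg:type/namespace/name@version?qualifiers#subpath`). The parser below is an added example written for this page, not the packageurl-python library's code; it implements the spec's splitting, normalization and percent-decoding steps for the common cases and renders the result back to canonical form.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import quote, unquote

@dataclass(frozen=True)
class PackageURL:          # pkg:type/namespace/name@version?qualifiers#subpath
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: dict = field(default_factory=dict)
    subpath: Optional[str] = None

def parse_purl(purl: str) -> PackageURL:
    """Split a purl string into its parts, decoding percent-escapes."""
    subpath = None
    if "#" in purl:                      # subpath: everything after the last '#'
        purl, _, subpath = purl.rpartition("#")
        subpath = subpath.strip("/") or None
    qualifiers = {}
    if "?" in purl:                      # qualifiers: key=value pairs after the last '?'
        purl, _, query = purl.rpartition("?")
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            if value:                    # a key with an empty value is dropped
                qualifiers[key.lower()] = unquote(value)
    scheme, _, rest = purl.partition(":")
    if scheme != "pkg":
        raise ValueError(f"not a purl: {purl!r}")
    ptype, _, rest = rest.lstrip("/").partition("/")   # tolerate the 'pkg://' form
    head, sep, tail = rest.rpartition("@")             # version: after the last '@'
    rest, version = (head, unquote(tail)) if sep else (tail, None)
    namespace, _, name = rest.rpartition("/")          # name is the last path segment
    segments = [unquote(s) for s in namespace.strip("/").split("/") if s]
    return PackageURL(ptype.lower(), unquote(name), "/".join(segments) or None,
                      version, qualifiers, subpath)

def format_purl(p: PackageURL) -> str:
    """Render a PackageURL back to canonical string form."""
    out = f"pkg:{p.type}/"
    if p.namespace:
        out += "/".join(quote(s, safe="") for s in p.namespace.split("/")) + "/"
    out += quote(p.name, safe="")
    if p.version:
        out += "@" + quote(p.version, safe="")
    if p.qualifiers:
        out += "?" + "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(p.qualifiers.items()))
    if p.subpath:
        out += "#" + p.subpath
    return out
```

Normalizing to this canonical form before comparing identifiers is what lets a scan result and a vulnerability record for the same package match even when one was written as `pkg:PyPI/Django` and the other as `pkg:pypi/django`.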

Ensure enterprise-wide compliance, automated with DejaCode.

Track all components.

DejaCode is your system of record for SBOMs.

DejaCode is the complete enterprise-level open source license compliance application, powered by ScanCode:

Run scans and track all the open source and third-party products and components used in your software.

Define usage policies at the license or component level, and integrate into ScanCode to ensure compliance.

Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.

We can help find and fix any compliance problems, quickly.

nexB offers comprehensive Software Composition Analysis (SCA) services, ranging from a full-service approach for an acquisition due diligence project to an audit of a Software Bill of Materials (SBOM) from your engineering team or a supplier.

Concise reports detailing any detected issues.

Practical remediations for each detected issue.

Complete SBOM and inventories for each product.

Minimal impact on product and software engineering teams.

With over twelve years of experience providing SCA services to organizations of all sizes, the nexB team has analyzed hundreds of products and millions of lines of code.

To understand what's in their software, companies of all sizes use nexB.