At nexB, we have been creating, contributing to and using free and open source software from the start. We contribute back to projects that we use, and we sponsor our own open source projects for software provenance analysis (ScanCode) and open source attribution compliance (AboutCode). We think it is particularly important that there be good open source tools that help you use open source, including complying with license obligations.
ScanCode Workbench provides a GUI to help you evaluate copyright, license and other provenance information from a ScanCode Scan file and record your conclusion about the effective license(s) for a component or package. The Workbench provides separate dashboards for Files, Licenses and Packages plus Tree and Table Views of your scanned codebase.
Discovering the license for free and open source code is important, but it should not be as hard as it seems today. ScanCode is a new open source scanning solution to accurately identify the license(s) of the code you want to consume.
With ScanCode, a development team can start scanning code on their own! You can now focus on whether the license is OK for your organization and if the code works for your projected use. These are the important questions. To learn more or to contribute, visit our scancode-toolkit project on GitHub.
DeltaCode allows you to easily compare ScanCode scans for two versions of a package, component, codebase or product in order to quickly identify possible changes with a focus on identifying license changes. DeltaCode reports matching files with a score and a list of factors that contribute to that score.
You can use DeltaCode with ScanCode to identify and track license and related changes in open source or third party software packages or components from release to release.
AboutCode Toolkit provides a simple way to (1) document the provenance (origin and license) of open source and third-party software components that you use and (2) automate creation of attribution notices and redistribution packages.
An ABOUT file is a small text file stored in the codebase side-by-side with the software component file or archive that it documents. To learn more or to contribute, visit our project on GitHub.
TraceCode Toolkit helps you determine which components are actually distributed or deployed for your product. This is essential information for determining your open source license obligations because many are only triggered by distribution or deployment.
TraceCode Toolkit is a tool to analyze the traced execution of a build, so you can learn which files are built into binaries and ultimately deployed in your distributed software.
License Expression is a small utility library to parse, compare, simplify and normalize license expressions (e.g. SPDX license expressions) using boolean logic such as: GPL-2.0 or later WITH Classpath Exception AND MIT.