Software Composition Analysis

Track all components, ensure compliance.

DejaCode is an open source, complete enterprise-level application to automate open source license compliance and ensure software supply chain integrity, powered by ScanCode, the industry-leading code scanner.

Enterprise-wide compliance, automated with DejaCode.

Run scans and track all the open source and third-party products and components used in your software.

Apply usage policies at the license or component level, and integrate with ScanCode to ensure compliance.

Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.

DejaCode is your system of record for SBOMs.

Managing open source components – especially their licensing and provenance – is a critical part of the Software Composition Analysis (SCA) process. SCA is now a prerequisite for modern organizations to comply with mandated Software Bill of Materials (SBOM) and other regulations.

Automating FOSS compliance with DejaCode is essential to ensure software supply chain integrity.

Scan a software package, simply by providing its Download URL, to get comprehensive details of its composition and create an SBOM.

Load software package data into DejaCode with the integration for the open source ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM.

Track and report vulnerabilities by integrating with the open source VulnerableCode project.

Create, publish and share SBOM documents in DejaCode, including detailed attribution documentation and custom reports in multiple file formats and standards, such as CycloneDX and SPDX.

Scan your code

[Figure: docker-centos scan result – export and share scan results in your preferred format]

Run scans for open source and third-party components and packages with ScanCode, the industry-leading code scanner.

  • Identify licenses, copyrights, dependencies and other origin clues directly from your codebase.
  • Use detailed metadata in each DejaCode license definition to help users understand license permissions, obligations, and restrictions.
  • Support all programming languages and environments.
  • Update license detection with data – no programming required.

Run ScanCode Toolkit directly from the command line or automate SCA with ScanCode.io.

[Figure: Starship – define your organization's licensing policies for third-party components; choose your own icons and colors for visual clarity of usage policies]

Enforce usage policies

Set policies with explanatory text and links to related documentation:

  • Use standard policies including Approved, Requires Review, and Prohibited
  • Customize policies based on your organization’s needs and legal requirements

Assign usage policies to licenses:

  • Expedite initial assignments with license categories and mass update features
  • Automate assigning usage policies to components and packages, based on associated license assignments.

Define the alert level (Error, Warning, None) for each usage policy, with icons for quick reference.

Know what's in your software

[Figure: pie charts showing codebase resources – view details of relevant packages and breakdowns of the different components used in your software]

Track the components used in your products:

  • Organize scanning projects with persistent scan data, backed by a database
  • Build your product inventory from DejaCode components and packages
  • Leverage the details and history of previous versions to compare new versions of your products
  • Identify inventory items that require a license review

Use DejaCode as the dashboard for current policies and historical actions with your teams.

Run standard or custom reports to analyze product details.

Export the results to your preferred formats for distribution.

Ensure open source compliance

[Figure: Software Bill of Materials – focus on policy alerts to reduce compliance risk]

Generate FOSS compliance artifacts, including:

  • Software Bill of Materials (SBOM)
  • Inventory of components and licenses used across products
  • Attribution notice to include with your product

Keep an audit trail of compliance activities and data, including historical data from scans.

Organize compliance activities with:

  • Business-friendly and easy-to-use GUI
  • Traditional spreadsheets
  • Developer-friendly REST API or CLI

Unlimited products, components, and packages, with DejaCode.

DejaCode makes it simple for organizations to automate and ensure FOSS compliance.

DejaCode is now open source, as part of the complete AboutCode stack.