
nexB on Software Bill of Materials and Software Composition Analysis
We’ve never seen anything that raises the urgency for Software Composition Analysis like this.
What is actually legally required? What is the best way to meet FOSS attribution obligations?
Watch recorded webinars and conference talks to learn more about FOSS, SCA, and software like ScanCode, VulnerableCode and DejaCode.
Explore more than 1,400 license definitions, plus extensive metadata about each license, and, as available, a link to the corresponding entry in the SPDX license list.
Documentation for each AboutCode project (including ScanCode Toolkit) is available at aboutcode.readthedocs.io.
Check out the code, view installation requirements, and create support issues for each AboutCode project on GitHub.
Join the nexB team and AboutCode community on Gitter to ask questions or discuss AboutCode projects.
At nexB, we have been creating, contributing to and using free and open source software from the start. We contribute back to projects that we use, and we sponsor our own open source projects for software provenance analysis (ScanCode) and open source attribution compliance (AboutCode). We believe that good open source tools help you use open source, including compliance with license obligations.
The Software Package Data Exchange (SPDX) specification is a standard format for communicating the components, licenses and copyrights associated with a software package. We are co-founders of this working group from the Linux Foundation.
The aim of SPDX is to reduce redundant work by providing a common format for companies and communities to share information across the supply chain, thereby streamlining and improving compliance.
The Linux Foundation is a non-profit consortium dedicated to fostering the growth of Linux. Founded in 2000, The Linux Foundation sponsors the work of Linux creator Linus Torvalds and is supported by leading Linux and open source companies and developers from around the world.
nexB has been a Silver member since 2013. We are a vendor for the Commercial Compliance Tools which is approved by the Linux Foundation.