Find code, Generate SBOMs, Match code, Scan licenses, Detect vulnerabilities, Comply with CRA,  Automate compliance,
with AboutCode.

Automate compliance,
with AboutCode.

The AboutCode Stack brings together best-in-class open source Software Composition Analysis (SCA) tools to enable organizations of all sizes to ensure open compliance and improve software supply chain security and integrity.

Open source for open source.

Track all components – both open source and third-party.

  Identify vulnerabilities across data sources.

  Automate compliance with organization-wide usage policies.

  Ensure software supply chain integrity with SBOMs.

AboutCode makes open source safer and easier to use by building modular, best-in-class open source tools, data, and standards for Software Composition Analysis (SCA).

The AboutCode stack is optimized for the practical management of open source software for licensing and vulnerability risks to ensure open source compliance, and strengthen software supply chain security and integrity for organizations of all sizes.

ScanCode is the industry-leading open source SCA code scanner.

Identify licenses, copyrights, dependencies and other origin clues directly from your codebase.

 Support all programming languages and environments.

 Update license detection with data – no programming required.

 Run ScanCode Toolkit from the command line or automate SCA with

Find FOSS vulnerabilities, improve FOSS security.

Automate search for FOSS security vulnerabilities, utilizing a free and open database of FOSS package vulnerabilities.

Aggregate and correlate vulnerability data from many sources.

 Access the data through a REST API.

 Based on open data and FOSS tools.

Automate enterprise-wide compliance, with DejaCode.

Run scans and track all the open source and third-party products and components used in your software.

 Apply usage policies at the license or component level, and integrate into other AboutCode projects to ensure compliance.

 Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

 Ensure open source license and security compliance with enterprise-grade features and integrations for DevOps and software systems.

The AboutCode stack is 100% open source and uses 100% open data.

We are committed to the principles of open development. But we need your help.

We could really use your help to pay the folks building and maintaining these open source projects. Sponsoring AboutCode projects on GitHub goes directly to the maintainers and developers working on open source AboutCode projects.

Need more hands-on support? Get help from the experts! nexB offers advanced support plans and other professional services.

We are community of open source developers making open source easier to use by building critical open source tools for Software Composition Analysis (SCA).

We believe that good open source tools help you use open source.

Check out the code, view installation requirements, create issues, and see other AboutCode projects on GitHub. Documentation for each AboutCode project is available at

Resources on compliance, FOSS, AboutCode projects, SBOMs, SCA, and more.

Read blog posts for insights on topics like Free and Open Source Software and Software Composition Analysis.

Watch recorded webinars to learn more about nexB software like ScanCode and DejaCode.

Or explore our public ScanCode LicenseDB, with over 2,100 definitions of a wide variety of licenses with extensive metadata about each license.