Ensure compliance with DejaCode.

Automate enterprise-wide continuous compliance with open source DejaCode, your system of record for SBOMs backed by open data.

Enterprise-wide compliance, automated with DejaCode.

Run scans and track all the open source and third-party products and components used in your software.

  • Apply usage policies at the license or component level, and integrate with ScanCode to ensure compliance.

  • Capture software inventories (SBOMs), generate compliance artifacts, and keep historical data.

  • Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and software systems.

All data across teams and products in one system.

DejaCode is your system of record as a single source of truth with quality data for licenses, vulnerabilities, and package provenance and metadata:

Scan a software package with ScanCode, simply by providing its Download URL, to get comprehensive details of its composition and create an SBOM.

Track all the open source and third-party components used in your software across products and teams, including:

  • Public reference data from PurlDB and LicenseDB.
  • Aggregated vulnerability data from VulnerableCode.
  • Additional curated data informed by your organization’s policies.

Share data from scans, policy reviews and approvals, and reports across the organization for a consistent view of packages, licenses, and security risks across teams.

  • Identify open source package use across the organization.
  • Aggregate SBOM data across products and teams.

Enforce usage policies.

Implement clear usage policies for low-cost, low-friction compliance across teams to ensure consistent use of open source components.

Customize policies at the license or component/package level, based on your organization’s needs and legal requirements:

  • Expedite initial assignments with license categories and mass update features.
  • Automate assigning usage policies to components and packages, based on associated license assignments.
  • Define the alert level (Error, Warning, None) for each usage policy, with icons for quick reference.

Integrate policies with ScanCode to uncover licensing issues:

  • See usage policy alerts directly in DejaCode from scanning codebases with ScanCode.
  • Integrate usage policy alerts in CI/CD pipelines for expanded visibility.
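As an added illustration of how license-level and package-level usage policies with Error/Warning/None alert levels can gate a CI/CD pipeline, the following Python script evaluates a small CycloneDX SBOM built inline. This is not DejaCode's own code or API: the policy tables, the package-level override, the package names and the SBOM contents are all hypothetical, and the license matcher only handles single SPDX identifiers (compound expressions fall through to "needs-review").

```python
"""Usage-policy evaluation over a CycloneDX SBOM with Error/Warning/None alerts.

Added illustration, not DejaCode's own code or API. Policies are keyed by
SPDX license id, with optional package-level overrides keyed by purl; the
worst alert level across a component's licenses wins unless an override
applies, and a CI gate fails the build when any alert reaches a threshold.
"""
import json

SEVERITY = {"None": 0, "Warning": 1, "Error": 2}

# License-level policies (hypothetical): SPDX id -> (policy name, alert level).
LICENSE_POLICIES = {
    "Apache-2.0": ("approved", "None"),
    "BSD-3-Clause": ("approved", "None"),
    "MIT": ("approved", "None"),
    "GPL-3.0-only": ("restricted", "Error"),
}
# Package-level override (hypothetical): a GPL package cleared for a
# specific, isolated use after legal review, downgraded to a Warning.
PACKAGE_POLICIES = {
    "pkg:generic/readline@8.2": ("approved-with-conditions", "Warning"),
}
# Anything without a matching policy (no license, unknown id, or a compound
# SPDX expression this simple matcher does not parse) must be reviewed.
UNKNOWN_POLICY = ("needs-review", "Warning")

# Constructed CycloneDX 1.5 SBOM; packages are hypothetical.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "readline", "version": "8.2",
         "purl": "pkg:generic/readline@8.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "mystery", "version": "0.1",
         "purl": "pkg:pypi/mystery@0.1", "licenses": []},
        {"type": "library", "name": "click", "version": "8.1.7",
         "purl": "pkg:pypi/click@8.1.7",
         "licenses": [{"expression": "BSD-3-Clause"}]},
        {"type": "library", "name": "libfoo", "version": "1.0",
         "purl": "pkg:generic/libfoo@1.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
})


def component_licenses(component):
    """Collect declared license ids/expressions from a CycloneDX component."""
    found = []
    for entry in component.get("licenses", []):
        if "license" in entry:
            lic = entry["license"]
            found.append(lic.get("id") or lic.get("name", ""))
        elif "expression" in entry:
            found.append(entry["expression"])
    return [lic for lic in found if lic]


def assign_policy(component):
    """Package-level override first; otherwise the worst license-level policy."""
    override = PACKAGE_POLICIES.get(component.get("purl", ""))
    if override:
        return override
    licenses = component_licenses(component)
    if not licenses:
        return UNKNOWN_POLICY
    worst = ("approved", "None")
    for lic in licenses:
        policy = LICENSE_POLICIES.get(lic, UNKNOWN_POLICY)
        if SEVERITY[policy[1]] > SEVERITY[worst[1]]:
            worst = policy
    return worst


def evaluate_sbom(sbom_json):
    """Return (purl, policy name, alert level) for every component with an alert."""
    alerts = []
    for comp in json.loads(sbom_json).get("components", []):
        policy, level = assign_policy(comp)
        if level != "None":
            alerts.append((comp.get("purl") or comp.get("name"), policy, level))
    return alerts


def ci_exit_code(alerts, fail_on="Error"):
    """CI gate: non-zero when any alert is at or above the failing level."""
    threshold = SEVERITY[fail_on]
    return 1 if any(SEVERITY[level] >= threshold for _, _, level in alerts) else 0


if __name__ == "__main__":
    found_alerts = evaluate_sbom(SBOM_JSON)
    for purl, policy, level in found_alerts:
        print(f"{level:8} {policy:25} {purl}")
    raise SystemExit(ci_exit_code(found_alerts))
```

Run as a pipeline step, the script's exit status is the gate: the unreviewed GPL package fails the build, while the overridden readline package and the license-less package only warn, which is the same three-level distinction the page describes. Lowering `fail_on` to "Warning" turns unreviewed packages into build failures as well.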

Efficiently investigate and triage vulnerabilities.

Quickly identify known vulnerabilities by package, with VulnerableCode:

  • Upgrade to a non-vulnerable (fixed) version, when one is available.
  • See aggregated vulnerability data from multiple sources to accelerate analysis.
  • Filter and organize investigations based on how a package is obtained and used.

Manage SBOMs and automate compliance.

Create, publish and share SBOM documents in DejaCode, for both CycloneDX and SPDX standard formats.

  • Load software package and SBOM data from ScanCode scans into DejaCode to create a product SBOM.
  • Import SBOMs from a supplier or project directly into DejaCode.

Generate compliance artifacts, including detailed attribution documentation and custom reports in multiple file formats, and keep historical data for an audit trail of compliance activities.

Manage organizational complexity with enterprise-grade features and integrations for DevOps and software systems.

Aggregate SBOM data across products and teams.

Get started quickly with SaaS.

Or install on-premises.

DejaCode delivers efficient and automated open source license and security compliance with enterprise-level SCA:

  • Consolidate SCA and SBOM data – both public and curated, informed by your policies – with a consistent view of packages, licenses, and security risks across the entire organization.

  • Enforce consistent use of open source software, with continuous vulnerability reporting, across teams and products.

  • Export, import, merge, combine, and organize SBOMs, continuously and effectively.
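As an added example of what merging SBOMs across products and teams involves (this is not DejaCode's merge code; the product names, packages and the `org:products` property name are all hypothetical), the following Python script keys components by Package URL (purl), records which products use each package, emits one combined CycloneDX document, and reports packages present in more than one version, which is the usual trigger for consolidating on a single reviewed version.

```python
"""Aggregate several products' CycloneDX SBOMs into one org-wide inventory.

Added illustration only, not DejaCode's merge code. Components are keyed by
Package URL (purl); the merged document records which products use each
package in a CycloneDX "properties" entry (hypothetical name "org:products"),
and a separate report lists packages present in more than one version.
"""
import json
from collections import defaultdict

# Constructed per-product SBOMs; product names and packages are hypothetical.
PRODUCT_SBOMS = {
    "billing-api": {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
    ]},
    "web-frontend": {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "lodash", "version": "4.17.15",
         "purl": "pkg:npm/lodash@4.17.15"},
        {"type": "library", "name": "core", "version": "17.0.0",
         "purl": "pkg:npm/%40angular/core@17.0.0"},
    ]},
    "reporting": {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
    ]},
}


def purl_without_version(purl):
    """pkg:type/namespace/name@version?qualifiers#subpath -> pkg:type/namespace/name.

    Qualifiers and subpath are dropped first; any remaining '@' is the version
    separator, because '@' inside a name or namespace is percent-encoded (%40).
    """
    base = purl.split("?", 1)[0].split("#", 1)[0]
    return base.rsplit("@", 1)[0] if "@" in base else base


def merge_sboms(product_sboms):
    """Return {purl: {"component": <first component seen>, "products": [..]}}."""
    merged = {}
    for product, sbom in product_sboms.items():
        for comp in sbom.get("components", []):
            purl = comp.get("purl")
            if not purl:
                continue  # no stable identity; needs curation before it can be merged
            entry = merged.setdefault(purl, {"component": comp, "products": set()})
            entry["products"].add(product)
    for entry in merged.values():
        entry["products"] = sorted(entry["products"])
    return merged


def version_spread(merged):
    """Packages used in more than one version across the organization."""
    versions = defaultdict(set)
    for purl in merged:
        versions[purl_without_version(purl)].add(purl)
    return {base: sorted(purls) for base, purls in versions.items() if len(purls) > 1}


def to_cyclonedx(merged):
    """Emit one CycloneDX document; product membership goes in a custom property."""
    components = []
    for purl in sorted(merged):
        comp = dict(merged[purl]["component"])
        comp["properties"] = [{"name": "org:products",
                               "value": ",".join(merged[purl]["products"])}]
        components.append(comp)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


if __name__ == "__main__":
    inventory = merge_sboms(PRODUCT_SBOMS)
    print(json.dumps(to_cyclonedx(inventory), indent=2))
    for base, purls in version_spread(inventory).items():
        print(f"version spread: {base}: {purls}")
```

Keying on the purl rather than on name and version strings is what makes the merge safe across ecosystems: two products that both ship `requests` 2.31.0 collapse into one component with two owners, while `lodash` 4.17.15 and 4.17.21 stay distinct and show up in the version-spread report.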

Open source is made possible by contributions from people like you!

The AboutCode stack is 100% open source and uses 100% open data. We are committed to the principles of open development. But we need your help.

We could really use your help to pay the folks building these open source projects. Sponsoring AboutCode projects on GitHub goes directly to the maintainers and developers working on open source AboutCode projects.

Need more hands-on support? Get help from the experts! nexB offers advanced support plans and other professional services.