oss-compliance

🔎 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

A suite of tools to assist with reviewing Open Source Software dependencies.

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

A compilation of resources in the software supply chain security domain, with emphasis on open source

📊 ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.

This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles

project barista - open source license and vulnerability management

A light-weight app to audit and inventory large codebases for open source license compliance.

Curated list of security tools

Cool links, tools & papers related to Open Source Licensing

DeltaCode: compare two codebase scans (from ScanCode) to detect significant changes.

A desktop workbench for OSS Review Toolkit result files.

CLI for software license check

📝 Detect what license a project is distributed under

See who wrote each line of code in your git repository with interactive reports.

Check a GitHub organization's repositories' license choices

OpenChain Specification

Legal Notifications, EULAs, ToS, GDPR, Software License Assessments and SPDX Licenses that we use

Deploy scripts for FOSSology Docker container