🔎 ScanCode scans code and detects licenses, copyrights, package manifests & dependencies and more ... to discover and inventory open source and third-party packages used in your code.


ScanCode toolkit

A typical software project often reuses hundreds of third-party packages. License and origin information is often scattered, not easy to find and not normalized: ScanCode discovers and normalizes this data for you.

ScanCode is a suite of command line utilities to reliably scan a codebase for licenses, copyrights, package manifests, direct dependencies and other interesting origin and licensing information discovered in source and binary code files.

ScanCode is used by several projects and organizations such as the Eclipse Foundation, Here.com Open Source Review Toolkit, ClearlyDefined and Red Hat Fabric8 analytics.

ScanCode provides comprehensive scan results that you can save as JSON, HTML, CSV or SPDX. You can also use the companion AboutCode Manager GUI app to review, search and display scan results, statistics and graphics.

ScanCode is programmed primarily in Python (with some C/C++ where performance is critical). License and copyright detection use multiple techniques borrowed from NLP, ML and information retrieval, such as feature extraction, probabilistic searches using inverted indexes, multi-pattern automatons and multiple local sequence alignments, for comprehensive, accurate and reasonably fast scanning. ScanCode is easily extensible with plugins that contribute new and improved scanners, data summarization and outputs.
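To make the inverted-index idea concrete, here is a toy sketch in Python. It is not ScanCode's implementation: the function names, the tokenizer and the two sample "rules" are all hypothetical and chosen only for illustration. It shows how an index from tokens to rule names lets a query text be matched against only the rules that share tokens with it.

```python
import re
from collections import Counter, defaultdict


def tokenize(text):
    # Hypothetical tokenizer: lowercase runs of letters and digits.
    return re.findall(r"[a-z0-9]+", text.lower())


def build_index(rules):
    """Map each token to the set of rule names whose text contains it."""
    index = defaultdict(set)
    for name, text in rules.items():
        for token in set(tokenize(text)):
            index[token].add(name)
    return index


def rank_candidates(index, query):
    """Rank rules by the number of distinct query tokens they share."""
    hits = Counter()
    for token in set(tokenize(query)):
        for name in index.get(token, ()):
            hits[name] += 1
    return hits.most_common()


# Illustrative sample texts only, not real ScanCode rules.
SAMPLE_RULES = {
    "mit": "Permission is hereby granted free of charge",
    "apache": "Licensed under the Apache License Version 2.0",
}
```

Calling `rank_candidates(build_index(SAMPLE_RULES), "licensed under the apache license")` returns only the `apache` rule as a candidate. A real detector would then run a more precise comparison, such as sequence alignment, on the shortlisted candidates.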

As a command line application returning JSON, ScanCode is easy to integrate in a code analysis pipeline and CI/CD.
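As an illustration of such an integration, the sketch below checks scan results against a license deny list and yields an exit code a CI job could use. It assumes the JSON output has a top-level `files` list whose entries carry a `path` and a `licenses` list of objects with a `key` field. Verify this against the output of your ScanCode version. The function names and the deny list are hypothetical.

```python
import json


def find_denied_licenses(scan_json_text, denied_keys):
    """Return (path, license key) pairs for licenses on the deny list.

    Assumes a top-level "files" list with "path" and "licenses" entries;
    check this layout against your ScanCode version's actual output.
    """
    data = json.loads(scan_json_text)
    denied = set(denied_keys)
    offending = []
    for entry in data.get("files", []):
        for lic in entry.get("licenses") or []:
            if lic.get("key") in denied:
                offending.append((entry.get("path"), lic.get("key")))
    return offending


def gate_exit_code(scan_json_text, denied_keys):
    """Return 1 if any denied license was detected, else 0."""
    return 1 if find_denied_licenses(scan_json_text, denied_keys) else 0
```

A pipeline step could feed the scan JSON to `gate_exit_code` and pass the result to `sys.exit` so that the build fails when a denied license is detected.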

We are continuously working on new features, such as detecting more package manifests or improving scanning accuracy and performance, and we welcome contributions.

See our roadmap for upcoming features: https://github.com/nexB/scancode-toolkit/wiki/Roadmap

Build and tests status

Branch  | Coverage                              | Linux/macOS                       | Windows
Master  | Master branch test coverage (Linux)   | Linux Master branch tests status  | Windows Master branch tests status
Develop | Develop branch test coverage (Linux)  | Linux Develop branch tests status | Windows Develop branch tests status

Quick Start

Install Python 2.7, then download and extract the latest ScanCode release from https://github.com/nexB/scancode-toolkit/releases/

Open a terminal window and then cd to the extracted ScanCode directory and run this command to display help. ScanCode will self-configure if needed:

./scancode --help

You can run an example scan and print the results on screen as JSON:

./scancode -clip --json-pp - samples
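The same scan can also be driven from a script. The following is a minimal sketch, assuming it runs from the extracted ScanCode directory and that the JSON written to stdout has a top-level `files` list with a `path` per entry. The helper names and the injectable `runner` parameter are hypothetical and exist only to keep the example testable.

```python
import json
import subprocess


def build_scan_command(target, scancode="./scancode"):
    # -clip combines -c (copyright), -l (license), -i (info), -p (package);
    # "--json-pp -" writes pretty-printed JSON to stdout.
    return [scancode, "-clip", "--json-pp", "-", target]


def run_scan(target, runner=subprocess.check_output):
    """Run the scan and return the parsed JSON results as a dict."""
    raw = runner(build_scan_command(target))
    if isinstance(raw, bytes):
        raw = raw.decode("utf-8")
    return json.loads(raw)


def scanned_paths(results):
    # Assumes a top-level "files" list; verify for your ScanCode version.
    return [entry.get("path") for entry in results.get("files", [])]
```

For example, `scanned_paths(run_scan("samples"))` would list the paths reported for the bundled samples directory.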

See more command examples:

./scancode --examples

Archives extraction

Archives in a codebase must be extracted before running a scan: ScanCode does not extract files from tarballs, zip files, etc. as part of the scan. The bundled utility extractcode is a mostly-universal archive extractor. For example, this command will recursively extract the mytar.tar.bz2 tarball into the mytar.tar.bz2-extract directory:

./extractcode mytar.tar.bz2
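When scripting the extract-then-scan sequence, the target directory can be derived from the naming shown above (the archive path plus an "-extract" suffix). This is a minimal sketch under that assumption. The helper names and the injectable `runner` parameter are hypothetical.

```python
import subprocess


def extract_dir_for(archive_path):
    # Follows the "<archive>-extract" naming described in the text.
    return archive_path + "-extract"


def extract(archive_path, extractcode="./extractcode",
            runner=subprocess.check_call):
    """Run extractcode on an archive and return the expected output dir."""
    runner([extractcode, archive_path])
    return extract_dir_for(archive_path)
```

The returned directory can then be passed to scancode as the scan target.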

Documentation & FAQ


See also https://aboutcode.org for related companion projects and tools.


If you have a problem, a suggestion or found a bug, please enter a ticket at: https://github.com/nexB/scancode-toolkit/issues

For discussions and chats, we have:

Source code and downloads


License

  • Apache-2.0 with an acknowledgement required to accompany the scan output.
  • Public domain CC-0 for reference datasets.
  • Multiple licenses (GPL2/3, LGPL, MIT, BSD, etc.) for third-party components.

See the NOTICE file and the .ABOUT files that document the origin and license of the third-party code used in ScanCode for more details.