AboutCode is a family of Free and Open Source Software (FOSS) projects focused on discovering, analyzing, and managing metadata about software components.
It helps answer critical questions such as:
- Where does this code originate from?
- Which software package does it belong to?
- What is its license and copyright status?
- Is the code vulnerable or actively maintained?
- What are its dependencies?
- Are there licensing or security risks?
With millions of open-source components available, AboutCode enables organizations and developers to safely consume, manage, and govern open source software.
Note: This repository contains information about AboutCode open-source activities.
It does not contain the actual source code of the projects.
Please refer to the Projects section below for links to the individual repositories.
- 🌐 Homepage: http://aboutcode.org
- 📚 Documentation: https://aboutcode.readthedocs.io/en/latest/
- 💬 Community Chat: Gitter | Slack
- 📝 Weekly Meetings: Meeting Minutes
- 🎓 GSoC Information: Wiki
- 📦 Build Status: GitHub Actions
We welcome contributions of all kinds, including:
- Bug fixes
- Documentation improvements
- Feature development
- Code reviews
- Testing
- Read CONTRIBUTING.md
- Look for issues labeled good first issue
- Join the community chat
- Participate in discussions
Key flagship projects include:
- ScanCode Toolkit – Detect licenses, origins, and vulnerabilities in source code and packages.
- ScanCode.io – Web UI and API for running scans in automated pipelines.
- VulnerableCode – Open database of software package vulnerabilities.
- DejaCode – Enterprise compliance and supply chain management platform.
Specialized tools for analyzing:
- Binaries
- Containers
- Source code
- Package metadata
- Programming language ecosystems
These tools integrate with ScanCode Toolkit and ScanCode.io pipelines.
Reusable libraries such as:
- license-expression
- commoncode
- extractcode
- fetchcode
These are used across the AboutCode ecosystem.
AboutCode Data defines conventions for structured metadata exchange across tools and ecosystems, enabling integration with:
- Libraries.io
- OSS Review Toolkit
AboutCode actively supports and collaborates with industry standards, including:
- Package URL (PURL)
- SPDX
- CycloneDX
- ClearlyDefined
These standards improve software transparency, compliance, and supply chain security.
Licensed under the Apache License 2.0.
For community guidelines, see CODE_OF_CONDUCT.rst.