Software Composition Analysis Python Packages

scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

74K 3K 720

ca9

CVE reachability analysis for Python. Stop fixing vulnerabilities that don't affect you. Static + dynamic analysis to cut SCA noise from Snyk, Dependabot, Trivy, and others.

62K 4 0

scanoss

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

30K 41 25

dependency-check

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

27K 50 12

ossindex-lib

Python library for querying OSS Index

12K 2 4

aboutcode-pipeline

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and others generous sponsors!

8K 201 191

scancode-toolkit-mini

5K 3K 720

scancodeio

4K 201 191

surfactant

Modular framework for file information extraction and dependency analysis to generate accurate SBOMs

2K 40 23

tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

2K 1K 188

licensedcode-index

1K 3K 721

licensedcode-data

A packaging of the ScanCode licensedb license and license rules database.

486 3K 721

semantic-copycat-src2id

Source to ID - Identify package coordinates and repositories from source code using multiple strategies

183 3 0

src2purl

SRC2PURL - Source Code to Package URL

146 3 0

Search Packages