Repositories list

• purldb

  Public
  Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

  purlpackage-url

  HTML

  •35•52•292•8•Updated Sep 6, 2025Sep 6, 2025

• scancode.io

  Public
  ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  dockeropen-sourcevirtual-machine+ 10vulnerabilitieslicensespdxscascancodesoftware-composition-analysispurl+ 3

  Python

  •

  Apache License 2.0

  •112•149•407•20•Updated Sep 5, 2025Sep 5, 2025

• aboutcode-mirror-kev

  Public
  AboutCode Mirror for CISA Known Exploited Vulnerabilities

  3•0•0•0•Updated Sep 5, 2025Sep 5, 2025

• vulnerablecode

  Public
  A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

  securityvulnerabilitysnyk+ 15vulnerability-databasesvulndbcvecpenvdvulnerability-detectionosv+ 8

  Python

  •

  Apache License 2.0

  •238•629•642•59•Updated Sep 4, 2025Sep 4, 2025

• purl-spec

  Public
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

  Python

  •

  Other

  •197•0•69•0•Updated Sep 4, 2025Sep 4, 2025

• purl-benchmarks

  Public
  AboutCode PURL Accuracy Benchmarks

  0•1•0•1•Updated Sep 3, 2025Sep 3, 2025

• aboutcode

  Public
  AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/

  securitylicensesca+ 5scancodepurlsbomaboutcodedejacode

  Batchfile

  •174•238•28•21•Updated Sep 1, 2025Sep 1, 2025

• packageurl-java

  Public
  Java/JVM implementation of the package url spec

  Java

  •

  MIT License

  •20•0•0•0•Updated Aug 31, 2025Aug 31, 2025

• packageurl.rs

  Public
  Rust implementation of the Package URL specification.

  Rust

  •

  MIT License

  •14•0•0•0•Updated Aug 31, 2025Aug 31, 2025

• packageurl-go

  Public
  Go implementation of the package url spec

  Go

  •

  MIT License

  •52•0•0•0•Updated Aug 28, 2025Aug 28, 2025

• scancode-licensedb

  Public
  A free and open database of all the licenses, in particular all the open source software licenses

  fosslicensescancode-toolkit+ 1scancode-licensedb

  Makefile

  •9•52•21•3•Updated Aug 22, 2025Aug 22, 2025

• scancode-toolkit

  Public
  🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

  licensingpackagesopen-source-licensing+ 17dependency-graphprovenancedependencieslicensespdxcopyrightsca+ 10

  Python

  •602•2.4k•1.1k•50•Updated Aug 21, 2025Aug 21, 2025

• vulntotal-extension

  Public
  CSS

  •3•1•4•4•Updated Aug 21, 2025Aug 21, 2025

• univers

  Public
  Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and others generous sponsors!

  package-managerversioningversion+ 7vulnerabilitiesdependenciesosvdependency-resolverpurlpackage-urlvulnerablecode

  Python

  •19•37•43•12•Updated Aug 20, 2025Aug 20, 2025

• scancode-action

  Public
  Run ScanCode.io pipelines from your Workflows

  licensespdxscancode+ 1cyclonedx

  Apache License 2.0

  •1•9•7•4•Updated Aug 19, 2025Aug 19, 2025

• .github

  Public
  aboutcode Homepage @ GitHub

  Apache License 2.0

  •0•1•0•0•Updated Aug 18, 2025Aug 18, 2025

• dejacode

  Public
  Automate open source license compliance and ensure software supply chain integrity

  open-sourcevulnerabilitieslicense+ 7spdxscascancodepurlpackage-urlcyclonedxfoss-compliance

  Python

  •

  GNU Affero General Public License v3.0

  •14•34•75•1•Updated Aug 15, 2025Aug 15, 2025

• ort

  Public
  A suite of tools to assist with reviewing Open Source Software dependencies.

  Kotlin

  •

  Apache License 2.0

  •348•2•0•0•Updated Aug 15, 2025Aug 15, 2025

• scancode.io-tutorial

  Public
  Tutorial code and test files for ScanCode.io and ScanPipe

  Creative Commons Zero v1.0 Universal

  •0•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• vendy

  Public
  Vendy is a tool for vendoring third-party packages into your project.

  Python

  •

  Apache License 2.0

  •3•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• romp

  Public
  Python

  •

  MIT License

  •7•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• fingerprints

  Public
  Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation.

  Python

  •

  MIT License

  •19•0•0•1•Updated Aug 14, 2025Aug 14, 2025

• binaryornot

  Public
  Ultra-lightweight pure Python package to check if a file is binary or text.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •46•1•0•0•Updated Aug 14, 2025Aug 14, 2025

• python-semanticversion

  Public
  Semantic version comparison for Python (see http://semver.org/)

  Python

  •

  BSD 2-Clause "Simplified" License

  •73•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• regipy

  Public
  Regipy is an os independent python library for parsing offline registry hives

  Python

  •

  MIT License

  •56•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• GoReSym

  Public
  Go symbol recovery tool

  Go

  •

  MIT License

  •81•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• versatile

  Public
  Java implementation of vers, a mostly universal version range specifier

  Java

  •

  Apache License 2.0

  •6•1•0•0•Updated Aug 13, 2025Aug 13, 2025

• source-inspector

  Public
  Tools to inspect source code and code symbols

  C

  •1•1•13•0•Updated Aug 12, 2025Aug 12, 2025

• go-inspector

  Public
  An inspector for Go language-based source, binaries, packages, dependencies and metadata

  Python

  •3•0•2•1•Updated Aug 9, 2025Aug 9, 2025

• cyseq

  Public
  Python

  •0•1•1•0•Updated Aug 7, 2025Aug 7, 2025