Scan and analyze your code for origin and license

An open-source solution to run and customize scripted pipelines based on ScanCode-toolkit, the world’s most popular open-source codebase scanning engine!

License key chart

Persistent scan data

Backed by a database, persists and organizes all of your scanning projects and make them accessible through a Web UI, a JSON REST API, and a command-line interface.

Docker pipeline steps

Made for customization

Scanning pipelines are designed to be easily extended and remixed; they can integrate many tools in an elegant, unified framework.

Powered by Apache

Apache licensed is Apache-licensed that is written in Python with Django and Django REST Framework (DRF). It has extensive documentation to help get you started and is supported by an active community of users and adopters. is a server to script and automate the process of Software Composition Analysis (SCA) to identify any open source components and their license compliance data in an application’s codebase. integrates the ScanCode-toolkit and other libraries to determine the origin and license —provenance— of open source and other third-party software using scripted pipelines. It has several applications, including Docker container and VM composition analyses, among other use cases.

Because there is no one fits all when scanning different codebases, lets you choose a scanning pipeline that fits your project needs. For example, provides a specific pipeline to analyze Docker containers into its detailed file systems and application packages. It also equally handles Debian, RPM, and Alpine Linux distributions—each with its own unique characteristics—.

Further, allows you to analyze a complete virtual machine image, or specifically a single application package, each with specialized pipelines.