Repositories list

• vulnerablecode

  Public

  aboutcode-org/vulnerablecode’s past year of commit activity
  A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

  securityvulnerabilitysnyk+ 15vulnerability-databasesvulndbcvecpenvdvulnerability-detectionosv+ 8

  Python

  •

  Apache License 2.0

  •266•642•679•86•Updated Jan 26, 2026Jan 26, 2026

• aboutcode-mirror-nuget-catalog

  Public

  aboutcode-org/aboutcode-mirror-nuget-catalog’s past year of commit activity
  Append-only mirror of NuGet Catalog, updated hourly

  Python

  •3•1•0•0•Updated Jan 26, 2026Jan 26, 2026

• purlvalidator-go

  Public
  Offline Package URL validator using a prebuilt FST of known packages.

  fstpurlairgapped+ 2sbom-toolpackageurl

  Go

  •

  Apache License 2.0

  •0•0•0•0•Updated Jan 26, 2026Jan 26, 2026

• purl-validator.rs

  Public

  aboutcode-org/purl-validator.rs’s past year of commit activity
  Offline Package URL validator using a prebuilt FST of known packages.

  fstpurlairgapped+ 2sbom-toolpackageurl

  Rust

  •

  Apache License 2.0

  •2•0•1•2•Updated Jan 26, 2026Jan 26, 2026

• www.aboutcode.org

  Public

  aboutcode-org/www.aboutcode.org’s past year of commit activity
  Docusaurus/markdown-based repository for the aboutcode.org website.

  JavaScript

  •9•2•50•1•Updated Jan 26, 2026Jan 26, 2026

• purldb

  Public

  aboutcode-org/purldb’s past year of commit activity
  Tools to create and deploy a database of software packages metadata, origin, dependencies, and license keyed by PURLs (Package URLs). Supported by AboutCode, sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ , nexB and other fine supporters. Chat is at https://gitter.im/aboutcode-org/discuss

  purlpackage-url

  HTML

  •46•58•288•10•Updated Jan 24, 2026Jan 24, 2026

• aboutcode-mirror-kev

  Public

  aboutcode-org/aboutcode-mirror-kev’s past year of commit activity
  AboutCode Mirror for CISA Known Exploited Vulnerabilities

  4•1•0•0•Updated Jan 24, 2026Jan 24, 2026

• matchcode-toolkit

  Public

  aboutcode-org/matchcode-toolkit’s past year of commit activity
  A collection of plugins that makes matchcode-related functions available for scancode-toolkit and scancode.io.

  C

  •2•6•0•0•Updated Jan 24, 2026Jan 24, 2026

• vulnerablecode-ai-experiments

  Public

  aboutcode-org/vulnerablecode-ai-experiments’s past year of commit activity
  Experiments with AI to analyze vulnerabilities

  Python

  •3•1•4•2•Updated Jan 23, 2026Jan 23, 2026

• scancode-licensedb

  Public
  A free and open database of all the licenses, in particular all the open source software licenses

  fosslicensescancode-toolkit+ 1scancode-licensedb

  Makefile

  •10•58•21•3•Updated Jan 22, 2026Jan 22, 2026

• scancode-toolkit

  Public

  aboutcode-org/scancode-toolkit’s past year of commit activity
  🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

  licensingpackagesopen-source-licensing+ 17dependency-graphprovenancedependencieslicensespdxcopyrightsca+ 10

  Python

  •677•2.5k•1.2k•106•Updated Jan 22, 2026Jan 22, 2026

• scancode.io

  Public
  ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  dockeropen-sourcevirtual-machine+ 10vulnerabilitieslicensespdxscascancodesoftware-composition-analysispurl+ 3

  Python

  •

  Apache License 2.0

  •161•169•423•43•Updated Jan 22, 2026Jan 22, 2026

• container-inspector

  Public
  container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relate to each other. It can also handle OCI images and Dockerfiles.

  dockerdocker-imagecontainer+ 3oci-imagecontainer-imagecontainer-analysis

  Python

  •10•37•19•5•Updated Jan 21, 2026Jan 21, 2026

• source-inspector

  Public

  aboutcode-org/source-inspector’s past year of commit activity
  Tools to inspect source code and code symbols

  C

  •2•2•12•0•Updated Jan 20, 2026Jan 20, 2026

• thirdparty-packages

  Public

  aboutcode-org/thirdparty-packages’s past year of commit activity
  A collection of various pre-built thirdparty packages with their corresponding source code

  HTML

  •2•1•2•0•Updated Jan 13, 2026Jan 13, 2026

• dejacode

  Public
  Automate open source license compliance and ensure software supply chain integrity

  open-sourcevulnerabilitieslicense+ 7spdxscascancodepurlpackage-urlcyclonedxfoss-compliance

  Python

  •

  GNU Affero General Public License v3.0

  •18•37•82•2•Updated Jan 12, 2026Jan 12, 2026

• typecode

  Public

  aboutcode-org/typecode’s past year of commit activity
  TypeCode provides comprehensive filetype and mimetype detection using multiple detectors including libmagic (included as a dependency for Linux, Windows and macOS) and Pygments.

  Python

  •13•9•13•3•Updated Jan 9, 2026Jan 9, 2026

• commoncode

  Public
  A library of common functions shared in many other AboutCode projects

  Python

  •22•4•11•2•Updated Jan 8, 2026Jan 8, 2026

• aboutcode-toolkit

  Public
  ✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.

  Python

  •49•98•6•11•Updated Jan 8, 2026Jan 8, 2026

• aboutcode

  Public
  AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/

  securitylicensesca+ 5scancodepurlsbomaboutcodedejacode

  Batchfile

  •219•268•34•41•Updated Jan 5, 2026Jan 5, 2026

• django-altcha

  Public

  aboutcode-org/django-altcha’s past year of commit activity
  Django field and widget for Altcha CAPTCHA.

  open-sourcedjangocaptcha+ 1altcha

  Python

  •

  MIT License

  •2•5•2•0•Updated Jan 5, 2026Jan 5, 2026

• binary-inspector

  Public
  A library and tools to inspect binaries (elf, winpe, mach0) for dependencies, symbols and other info, and models to store this.

  Python

  •0•1•8•0•Updated Dec 29, 2025Dec 29, 2025

• skeleton

  Public template

  aboutcode-org/skeleton’s past year of commit activity
  Python

  •9•8•34•0•Updated Dec 15, 2025Dec 15, 2025

• scancode-analyzer

  Public
  scancode-results-analyzer

  Python

  •3•4•15•1•Updated Dec 10, 2025Dec 10, 2025

• rpm-inspector

  Public
  A Python library to collect data from RPM packages including installed packages.

  Batchfile

  •0•0•1•0•Updated Dec 10, 2025Dec 10, 2025

• packageurl.rs

  Public

  aboutcode-org/packageurl.rs’s past year of commit activity
  Rust implementation of the Package URL specification.

  Rust

  •

  MIT License

  •15•0•0•0•Updated Dec 4, 2025Dec 4, 2025

• packageurl-php

  Public
  PHP implementation of the package url spec

  PHP

  •

  MIT License

  •7•1•0•0•Updated Dec 4, 2025Dec 4, 2025

• packageurl-go

  Public
  Go implementation of the package url spec

  Go

  •

  MIT License

  •52•0•0•0•Updated Dec 4, 2025Dec 4, 2025

• intbitset

  Public

  aboutcode-org/intbitset’s past year of commit activity
  Python C-based extension implementing fast integer bit sets

  Cython

  •

  GNU Lesser General Public License v3.0

  •16•0•1•0•Updated Dec 3, 2025Dec 3, 2025

• packageurl-java

  Public
  Java/JVM implementation of the package url spec

  Java

  •

  MIT License

  •20•0•0•0•Updated Dec 3, 2025Dec 3, 2025