Repositories list

• aboutcode-mirror-nuget-catalog

  Public

  aboutcode-org/aboutcode-mirror-nuget-catalog’s past year of commit activity
  Append-only mirror of NuGet Catalog, updated hourly

  Python

  •2•1•0•0•Updated Jan 3, 2026Jan 3, 2026

• purlvalidator-go

  Public

  aboutcode-org/purlvalidator-go’s past year of commit activity
  Offline Package URL validator using a prebuilt FST of known packages.

  fstpurlairgapped+ 2sbom-toolpackageurl

  Go

  •

  Apache License 2.0

  •0•0•0•0•Updated Jan 3, 2026Jan 3, 2026

• purl-validator.rs

  Public

  aboutcode-org/purl-validator.rs’s past year of commit activity
  Offline Package URL validator using a prebuilt FST of known packages.

  fstpurlairgapped+ 2sbom-toolpackageurl

  Rust

  •

  Apache License 2.0

  •1•0•0•0•Updated Jan 3, 2026Jan 3, 2026

• dejacode

  Public

  aboutcode-org/dejacode’s past year of commit activity
  Automate open source license compliance and ensure software supply chain integrity

  open-sourcevulnerabilitieslicense+ 7spdxscascancodepurlpackage-urlcyclonedxfoss-compliance

  Python

  •

  GNU Affero General Public License v3.0

  •18•37•84•3•Updated Jan 2, 2026Jan 2, 2026

• scancode.io

  Public

  aboutcode-org/scancode.io’s past year of commit activity
  ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  dockeropen-sourcevirtual-machine+ 10vulnerabilitieslicensespdxscascancodesoftware-composition-analysispurl+ 3

  Python

  •

  Apache License 2.0

  •148•165•426•37•Updated Jan 2, 2026Jan 2, 2026

• vulnerablecode

  Public
  A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

  securityvulnerabilitysnyk+ 15vulnerability-databasesvulndbcvecpenvdvulnerability-detectionosv+ 8

  Python

  •

  Apache License 2.0

  •261•642•685•86•Updated Jan 2, 2026Jan 2, 2026

• aboutcode-mirror-kev

  Public

  aboutcode-org/aboutcode-mirror-kev’s past year of commit activity
  AboutCode Mirror for CISA Known Exploited Vulnerabilities

  4•1•0•0•Updated Dec 30, 2025Dec 30, 2025

• www.aboutcode.org

  Public

  aboutcode-org/www.aboutcode.org’s past year of commit activity
  Staging, issue content tidbits for AboutCode.org

  JavaScript

  •3•2•57•0•Updated Dec 29, 2025Dec 29, 2025

• binary-inspector

  Public

  aboutcode-org/binary-inspector’s past year of commit activity
  A library and tools to inspect binaries (elf, winpe, mach0) for dependencies, symbols and other info, and models to store this.

  Python

  •0•1•8•0•Updated Dec 29, 2025Dec 29, 2025

• scancode-toolkit

  Public

  aboutcode-org/scancode-toolkit’s past year of commit activity
  🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

  licensingpackagesopen-source-licensing+ 17dependency-graphprovenancedependencieslicensespdxcopyrightsca+ 10

  Python

  •654•2.4k•1.2k•88•Updated Dec 29, 2025Dec 29, 2025

• purldb

  Public
  Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

  purlpackage-url

  HTML

  •42•58•288•7•Updated Dec 22, 2025Dec 22, 2025

• aboutcode-toolkit

  Public
  ✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.

  Python

  •49•98•6•11•Updated Dec 22, 2025Dec 22, 2025

• typecode

  Public
  TypeCode provides comprehensive filetype and mimetype detection using multiple detectors including libmagic (included as a dependency for Linux, Windows and macOS) and Pygments.

  Python

  •11•9•14•6•Updated Dec 18, 2025Dec 18, 2025

• aboutcode

  Public
  AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/

  securitylicensesca+ 5scancodepurlsbomaboutcodedejacode

  Batchfile

  •204•265•32•30•Updated Dec 15, 2025Dec 15, 2025

• skeleton

  Public template
  Python

  •9•8•33•0•Updated Dec 15, 2025Dec 15, 2025

• scancode-licensedb

  Public
  A free and open database of all the licenses, in particular all the open source software licenses

  fosslicensescancode-toolkit+ 1scancode-licensedb

  Makefile

  •10•55•21•3•Updated Dec 12, 2025Dec 12, 2025

• scancode-analyzer

  Public
  scancode-results-analyzer

  Python

  •3•4•15•1•Updated Dec 10, 2025Dec 10, 2025

• rpm-inspector

  Public
  A Python library to collect data from RPM packages including installed packages.

  Batchfile

  •0•0•1•0•Updated Dec 10, 2025Dec 10, 2025

• packageurl.rs

  Public
  Rust implementation of the Package URL specification.

  Rust

  •

  MIT License

  •15•0•0•0•Updated Dec 4, 2025Dec 4, 2025

• packageurl-php

  Public
  PHP implementation of the package url spec

  PHP

  •

  MIT License

  •7•1•0•0•Updated Dec 4, 2025Dec 4, 2025

• packageurl-go

  Public
  Go implementation of the package url spec

  Go

  •

  MIT License

  •51•0•0•0•Updated Dec 4, 2025Dec 4, 2025

• intbitset

  Public
  Python C-based extension implementing fast integer bit sets

  Cython

  •

  GNU Lesser General Public License v3.0

  •16•0•1•0•Updated Dec 3, 2025Dec 3, 2025

• packageurl-java

  Public

  aboutcode-org/packageurl-java’s past year of commit activity
  Java/JVM implementation of the package url spec

  Java

  •

  MIT License

  •19•0•0•0•Updated Dec 3, 2025Dec 3, 2025

• scancode-action

  Public
  Run ScanCode.io pipelines from your Workflows

  licensespdxscancode+ 1cyclonedx

  Apache License 2.0

  •3•12•5•2•Updated Dec 3, 2025Dec 3, 2025

• aboutcode-mirror-euvd

  Public
  Mirror of European Union Vulnerability Database (EUVD)

  mirrorvulnerabilityeuvd

  1•0•0•1•Updated Dec 2, 2025Dec 2, 2025

• fetchcode

  Public
  A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  HTML

  •20•11•53•10•Updated Nov 28, 2025Nov 28, 2025

• packageurl-dotnet

  Public
  .NET implementation of the package url spec

  C#

  •

  MIT License

  •14•0•0•0•Updated Nov 25, 2025Nov 25, 2025

• fingerprints

  Public
  Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation.

  Python

  •

  MIT License

  •18•0•0•2•Updated Nov 24, 2025Nov 24, 2025

• packageurl-swift

  Public
  Swift implementation of the package url spec

  Swift

  •

  MIT License

  •2•0•0•0•Updated Nov 21, 2025Nov 21, 2025

• packageurl-ruby

  Public
  Ruby implementation of the package url spec

  Ruby

  •

  MIT License

  •4•1•0•0•Updated Nov 21, 2025Nov 21, 2025