Repositories list

• aboutcode-mirror-nuget-catalog

  Public
  Append-only mirror of NuGet Catalog, updated hourly

  Python

  •0•0•0•0•Updated Oct 14, 2025Oct 14, 2025

• dejacode

  Public
  Automate open source license compliance and ensure software supply chain integrity

  open-sourcevulnerabilitieslicense+ 7spdxscascancodepurlpackage-urlcyclonedxfoss-compliance

  Python

  •

  GNU Affero General Public License v3.0

  •14•34•76•4•Updated Oct 14, 2025Oct 14, 2025

• vulnerablecode

  Public
  A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

  securityvulnerabilitysnyk+ 15vulnerability-databasesvulndbcvecpenvdvulnerability-detectionosv+ 8

  Python

  •

  Apache License 2.0

  •237•633•646•59•Updated Oct 13, 2025Oct 13, 2025

• scancode-toolkit

  Public
  🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

  licensingpackagesopen-source-licensing+ 17dependency-graphprovenancedependencieslicensespdxcopyrightsca+ 10

  Python

  •607•2.4k•1.2k•54•Updated Oct 13, 2025Oct 13, 2025

• purl-spec

  Public
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

  Python

  •

  Other

  •201•0•48•0•Updated Oct 13, 2025Oct 13, 2025

• purldb

  Public
  Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

  purlpackage-url

  HTML

  •36•52•274•6•Updated Oct 10, 2025Oct 10, 2025

• aboutcode-mirror-kev

  Public
  AboutCode Mirror for CISA Known Exploited Vulnerabilities

  3•0•0•0•Updated Oct 10, 2025Oct 10, 2025

• scancode.io

  Public
  ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  dockeropen-sourcevirtual-machine+ 10vulnerabilitieslicensespdxscascancodesoftware-composition-analysispurl+ 3

  Python

  •

  Apache License 2.0

  •116•150•423•21•Updated Oct 9, 2025Oct 9, 2025

• python-inspector

  Public
  Inspect Python code and PyPI package manifests. Resolve Python dependencies.

  pythonpipdependency-resolver

  Python

  •24•24•65•4•Updated Oct 7, 2025Oct 7, 2025

• scancode-licensedb

  Public
  A free and open database of all the licenses, in particular all the open source software licenses

  fosslicensescancode-toolkit+ 1scancode-licensedb

  Makefile

  •9•52•21•3•Updated Oct 6, 2025Oct 6, 2025

• debian-inspector

  Public
  A python library to parse Debian deb822-style control and copyright files and all related Debian, Ubuntu and Debian-derivative manifest and metadata files, an alternative approach to python-debian.

  debianaptdpkg+ 12ubuntudebian-packagesdebian-repositoriesapt-getdebian-packagingdpkg-debdeb822+ 5

  Python

  •7•16•8•5•Updated Oct 2, 2025Oct 2, 2025

• aboutcode

  Public
  AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/

  securitylicensesca+ 5scancodepurlsbomaboutcodedejacode

  Batchfile

  •176•243•29•22•Updated Sep 28, 2025Sep 28, 2025

• scancode-action

  Public
  Run ScanCode.io pipelines from your Workflows

  licensespdxscancode+ 1cyclonedx

  Apache License 2.0

  •2•11•7•4•Updated Sep 12, 2025Sep 12, 2025

• univers

  Public
  Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and others generous sponsors!

  package-managerversioningversion+ 7vulnerabilitiesdependenciesosvdependency-resolverpurlpackage-urlvulnerablecode

  Python

  •19•37•45•12•Updated Sep 11, 2025Sep 11, 2025

• pkginfo2

  Public
  Git mirror of http://bazaar.launchpad.net/~tseaver/pkginfo ... with modifications

  Python

  •

  MIT License

  •3•3•2•3•Updated Sep 10, 2025Sep 10, 2025

• packageurl-python

  Public
  Python implementation of the package url spec

  Python

  •52•0•0•0•Updated Sep 9, 2025Sep 9, 2025

• fingerprints

  Public
  Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation.

  Python

  •

  MIT License

  •18•0•0•2•Updated Sep 8, 2025Sep 8, 2025

• purl-benchmarks

  Public
  AboutCode PURL Accuracy Benchmarks

  0•1•0•1•Updated Sep 3, 2025Sep 3, 2025

• packageurl-java

  Public
  Java/JVM implementation of the package url spec

  Java

  •

  MIT License

  •21•0•0•0•Updated Aug 31, 2025Aug 31, 2025

• packageurl.rs

  Public
  Rust implementation of the Package URL specification.

  Rust

  •

  MIT License

  •14•0•0•0•Updated Aug 31, 2025Aug 31, 2025

• packageurl-go

  Public
  Go implementation of the package url spec

  Go

  •

  MIT License

  •50•0•0•0•Updated Aug 28, 2025Aug 28, 2025

• vulntotal-extension

  Public
  CSS

  •3•1•4•4•Updated Aug 21, 2025Aug 21, 2025

• .github

  Public
  aboutcode Homepage @ GitHub

  Apache License 2.0

  •1•1•0•1•Updated Aug 18, 2025Aug 18, 2025

• ort

  Public
  A suite of tools to assist with reviewing Open Source Software dependencies.

  Kotlin

  •

  Apache License 2.0

  •352•2•0•0•Updated Aug 15, 2025Aug 15, 2025

• scancode.io-tutorial

  Public
  Tutorial code and test files for ScanCode.io and ScanPipe

  Creative Commons Zero v1.0 Universal

  •0•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• vendy

  Public
  Vendy is a tool for vendoring third-party packages into your project.

  Python

  •

  Apache License 2.0

  •3•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• romp

  Public
  Python

  •

  MIT License

  •7•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• binaryornot

  Public
  Ultra-lightweight pure Python package to check if a file is binary or text.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •45•1•0•0•Updated Aug 14, 2025Aug 14, 2025

• python-semanticversion

  Public
  Semantic version comparison for Python (see http://semver.org/)

  Python

  •

  BSD 2-Clause "Simplified" License

  •74•0•0•0•Updated Aug 14, 2025Aug 14, 2025

• regipy

  Public
  Regipy is an os independent python library for parsing offline registry hives

  Python

  •

  MIT License

  •57•0•0•0•Updated Aug 14, 2025Aug 14, 2025