Explore @nexB Open Source projects

@nexB

nexB

Stars
637
Global Org. Rank 20,586 (Top 7 %)
Registered almost 10 years ago
Most used languages

Python
76.6 %

HTML
10.6 %

C
2.1 %

Batchfile 2.1 %

C#
2.1 %

Go
2.1 %

Makefile 2.1 %

TypeScript
2.1 %
Location 🇺🇸 United States
Country Total Rank 3,406
Country Ranking

Batchfile 38

Makefile 388

Python
499

TypeScript
2,119

HTML
3,064

scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

aboutcode

AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code

scancode-workbench

📊 ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.

scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

aboutcode-toolkit

✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.

license-expression

Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.

extractcode

A mostly universal file extraction library and CLI tool to extract almost any archive in a reasonably safe way on Linux, macOS and Windows.

container-inspector

container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relate to each other. It can also handle OCI images and Dockerfiles.

python-publicsuffix2

A small Python library to deal with publicsuffix data (includes a bundled PSL as "package data") in a wheel friendly format. Fork and continuation of Tomaž Šolc's "publicsuffix"

purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

scancode-licensedb

A free and open database of all the licenses, in particular all the open source software licenses

univers

Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and others generous sponsors!

tracecode-toolkit-strace

Trace software components, packages and files between Development/Source and Deployment/Distribution/Binaries codebases - strace build analysis

python-inspector

Inspect Python code and PyPI package manifests. Resolve Python dependencies.

deltacode

DeltaCode: compare two codebase scans (from ScanCode) to detect significant changes.

scancode-server

This project is no longer maintained. Visit https://github.com/nexB/scancode.io/ instead for similar and current project

dejacode

Automate open source license compliance and ensure software supply chain integrity

pip-requirements-parser

a mostly correct pip requirements parsing library

debian-inspector

A python library to parse Debian deb822-style control and copyright files and all related Debian, Ubuntu and Debian-derivative manifest and metadata files, an alternative approach to python-debian.

cwe2

Common weakness enumeration library for Python (maintained fork of https://github.com/Julian-Nash/cwe )

saneyaml

Cleaner, simpler, safer and saner YAML parsing/serialization in Python, for YAML meant to be readable first, on top of PyYAML

fetchcode

A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

skeleton

typecode

clearcode-toolkit

ClearCode is a simple tool to fetch and sync all ClearlyDefined data locally.

scancode-analyzer

scancode-results-analyzer

scancode-thirdparty-src

Source code for ScanCode prebuilt dependencies

nuget-inspector

Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.

purldb-data

A dataset of purl for offline lookup and verification usage. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

scancode-action

Run ScanCode.io pipelines from your Workflows

commoncode

pkginfo2

Git mirror of http://bazaar.launchpad.net/~tseaver/pkginfo ... with modifications

pygmars

Craft simple regex-based small language lexers and parsers. Build parsers from grammars and accept Pygments lexers as an input. Derived from NLTK.

turbo-spdx

Fast and lightweight Python library for parsing and writing SPDX JSON documents correctly.

scancode-plugins

A set of plugins either delivered as builtin scancode-toolkit or extra plugins

scancode-toolkit-contrib

Candidate additions and contribution for the ScanCode toolkit

dependency-inspector

A general purpose, mostly universal software package dependency resolver.

scancode-toolkit-plugin-cookiecutter

plugincode

jvm-inspector

[WIP] jvm-inspector is a set of tools and utility functions to inspect JVM byte code and source code

sanexml

federatedcode

dejacode-toolkit

[Work in progress] An API client and toolkit with libraries, utilities and helpers to work with the DejaCode API

go-inspector

[WIP] An inspector for Go language-based source, binaries, packages, dependencies and metadata

scancode.io-pipeline-glc_scan

scancode-toolkit-reference-scans

scancode-toolkit-reference-scans

heritedcode

A software heritage API client

vulnerablecode-data

aboutcode-cyclonedx-taxonomy

AboutCode CycloneDX Property Taxonomy

spdx-licenses

A mirror of http://spdx.org licenses

matchcode-toolkit

attributecode

[Archived] This project was an Attribution generation tool with many content and format options for the input data. All its features have been folded back in the latest AboutCode Toolkit at https://github.com/nexB/aboutcode-toolkit