ScanCode is open source software that detects licenses, copyrights, package manifests, dependencies and more by scanning code. This allows automated discovery of the third-party packages and licenses used in a project. ScanCode currently handles various package metadata formats, such as those for npm (package.json) and Python (setup.py). The goal of this project is to add additional package metadata and lockfile parsers to scancode-toolkit. ScanCode currently implements parsers for Python packages (setup.py, .whl), package-lock.json/npm-shrinkwrap.json, Ruby Gems (Gemfile, Gemfile.lock), Java Jars, PHP Composer packages, Debian .deb files/Yum .rpm files, and Rust crates.
However, a few formats are still missing, such as:
- Ruby Gems (.gemspec)
- Go (go.mod, go.sum)
- Scala (.sbt)
- Python packages (requirements.txt, Pipfile.lock)
- Rust (Cargo.lock)