OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Security & License Compliance For Your App's Dependencies 🪱

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and others generous sponsors!

Repository to hold the new UI framework for FOSSology built with React

GitHub Action for license compliance: Python, JavaScript, iOS, Android and more.

This repo contains license and copyright analysis results of open source packages. It further contains other license compliance relevant artifacts, which might be of value for others

Chrome/Firefox browser extension to compare text against spdx license list

🔐⛵ Effortless dependency compliance with your license policies

Deterministically map license strings to their canonical identifiers

bitbake layer repository for intergrating osselot into the build process

Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.

License compliance for Node applications made ultra easy. Provide it a string of licenses or fetch licenses dynamically from an online source.

BotSniffer - Detects source code generated by AI on projects using Machine Learning.

Toolset that helps you with creating and interacting with SBOMs, enriching with licensing and copyright information, and checking for Open Source license compliance

This repo is for testing various SBOM and license scanning tools

mcp-semclone - Model Context Protocol Server for SEMCL.ONE

This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles

Unity Editor tool that generates deterministic third-party notices, credits, and compliance manifests for game releases.

DO NOT GET CAUGHT LACKING! Keep it totally legal, bro. LICENSE, SPDX headers, CI enforcement, repair mode. The works. Legit af.

Comprehensive dependency health analyzer for Node.js projects - combining age detection, license compliance, and security analysis