You can use ScanCode.io to identify all the licenses associated with a package, codebase, or container. ScanCode.io will also identify software vulnerabilities. With its library of standard and custom pipelines, ScanCode.io performs deep and comprehensive scanning to meet your analysis requirements.
Install ScanCode.io
Follow the official installation guide to set up ScanCode.io locally or using containers:
https://scancodeio.readthedocs.io/en/latest/installation.html
Configure ScanCode.io to identify software vulnerabilities.
Create a new Project in ScanCode.io to scan a Docker image:
https://scancodeio.readthedocs.io/en/latest/tutorial_web_ui_analyze_docker_image.html
You now know how to use the analyze_docker_image pipeline!
https://scancodeio.readthedocs.io/en/latest/tutorial_web_ui_review_scan_results.html
Thinking about integrating ScanCode.io into your build system? You can scan a codebase from the command line:
https://scancodeio.readthedocs.io/en/latest/tutorial_cli_analyze_codebase.html
You now know how to use the scan_codebase pipeline, and you are ready to explore the many other features of ScanCode.io!