AboutCode is a family of FOSS projects designed to uncover metadata about software, such as:
- Where does the code come from?
- Which software package does it belong to?
- What is its license and copyright?
- Is the code vulnerable, maintained, and well-coded?
- What are its dependencies, and are there vulnerabilities or licensing issues?
With millions of open source components available, answering these questions is critical.
AboutCode helps ensure that software origin, licensing, and security risks are transparent and manageable, enabling safe and confident reuse of open source software.
We support not only open source software, but also open data generated and curated by our tools.
This repository contains information about AboutCode open source activities, not the actual code.
👉 For source code and tools, please refer to the official website: https://www.aboutcode.org
- 🌐 Homepage: https://www.aboutcode.org
- 📖 Documentation: https://aboutcode.readthedocs.io/en/latest/
- 💬 Chat: Gitter | Slack
- 📝 Weekly Meetings: Meeting Minutes
- 🚀 GSoC: Wiki
- 🛠️ Documentation Build: Doc Build
The list of AboutCode projects is now maintained on the official website; please visit it for the most up-to-date and complete list of projects.
We welcome contributions! Whether you're:
- Fixing bugs 🐛
- Adding features 🚀
- Improving documentation 📚
We’d love your help.
- Read the CONTRIBUTING.md guide
- Look for good first issues
- Join the community chat
AboutCode Data defines conventions for structured data exchange across tools.
Examples include:
- ABOUT files
- ScanCode Toolkit outputs
This approach supports interoperability with tools like:
- libraries.io
- OSS Review Toolkit
AboutCode is built on and contributes to key industry standards:
- Package URL (PURL) – A universal way to identify software packages across ecosystems. It originated from ScanCode and is progressing toward Ecma standardization.
- vers – A specification for defining dependency and vulnerability version ranges (see VERSION-RANGE-SPEC.rst).
- SPDX – Software Package Data Exchange
- CycloneDX – BOM standard for supply chain security
- ClearlyDefined – Improves FOSS licensing clarity
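A purl is the key on which SBOM entries are matched against vulnerability data, so it has to be split into its components exactly as the specification prescribes. The parser below is an added example written for this page, not AboutCode's own packageurl-python library; it applies the spec's split order (subpath, qualifiers, scheme, type, version, then namespace/name) and simplifies the type-specific name rules to a lowercased type.

```python
"""Added example (not AboutCode's packageurl-python): parse a Package URL (purl)
following the spec's split order: subpath, qualifiers, scheme, type, version, namespace/name."""
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import unquote

@dataclass
class PackageURL:
    type: str
    name: str
    namespace: str | None = None
    version: str | None = None
    qualifiers: dict[str, str] = field(default_factory=dict)
    subpath: str | None = None

def _split_right(text: str, sep: str) -> tuple[str, str | None]:
    head, found, tail = text.rpartition(sep)  # right part is None when sep is absent
    return (head, tail) if found else (text, None)

def _segments(path: str) -> list[str]:  # split on '/', drop empty/'.'/'..', percent-decode
    return [unquote(s) for s in path.strip("/").split("/") if s not in ("", ".", "..")]

def parse_purl(purl: str) -> PackageURL:
    remainder, raw_subpath = _split_right(purl, "#")
    remainder, raw_qualifiers = _split_right(remainder, "?")
    qualifiers: dict[str, str] = {}
    for pair in (raw_qualifiers or "").split("&"):
        key, _, value = pair.partition("=")
        if key and value:  # the spec discards qualifiers with an empty value
            qualifiers[key.lower()] = unquote(value)
    scheme, _, remainder = remainder.partition(":")
    type_, _, remainder = remainder.strip("/").partition("/")
    if scheme.lower() != "pkg" or not type_ or not remainder:
        raise ValueError(f"malformed purl, need at least pkg:type/name: {purl!r}")
    remainder, raw_version = _split_right(remainder, "@")
    raw_namespace, raw_name = _split_right(remainder, "/")
    if raw_name is None:  # no '/' left: the whole remainder is the name
        raw_namespace, raw_name = "", raw_namespace
    return PackageURL(
        type=type_.lower(),  # type is case-insensitive; type-specific name rules omitted
        name=unquote(raw_name.strip("/")),
        namespace="/".join(_segments(raw_namespace)) or None,
        version=unquote(raw_version) if raw_version else None,
        qualifiers=qualifiers,
        subpath="/".join(_segments(raw_subpath or "")) or None,
    )

def same_package(a: PackageURL, b: PackageURL) -> bool:
    """Same package version, ignoring qualifiers and subpath (the coordinate advisories match on)."""
    return (a.type, a.namespace, a.name, a.version) == (b.type, b.namespace, b.name, b.version)
```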
- Apache License 2.0
See: CODE_OF_CONDUCT.rst