ScanCode Toolkit

https://github.com/nexB/scancode-toolkit
A typical software project often reuses hundreds of third-party packages. License and origin information is not always easy to find and not normalized: ScanCode discovers and normalizes this data for you.

• As a standalone command line tool, ScanCode is easy to install, run and embed in your CI/CD processing pipeline. It runs on Windows, macOS and Linux.
• ScanCode is used by several projects and organizations such as the Eclipse Foundation, OpenEmbedded.org, the FSF, OSS Review Toolkit, ClearlyDefined.io, RedHat Fabric8 analytics and many more.
• ScanCode detects licenses, copyrights, package manifests and direct dependencies and more both in source code and binary files.
• ScanCode provides the most accurate license detection engine and does a full comparison (aka. diff or red line) between a database of license texts and your code instead of relying only on regex patterns or probabilistic search, edit distance or machine learning.
• Written in Python, ScanCode is easy to extend with plugins to contribute new and improved scanners, data summarization, package manifest parsers and new outputs.
• You can save your scan results as JSON, HTML, CSV or SPDX. And you can use the companion ScanCode workbench GUI app to review and display scan results, statistics and graphics.
• ScanCode is actively maintained, has a growing community of users.
• ScanCode is heavily tested with an automated test suite of over 8000 tests.
• ScanCode has extensive and updated Documentation help for users.