1. Scancode Toolkit🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.
2. python-publicsuffix2A small Python library to deal with publicsuffix data (includes a bundled PSL as "package data") in a wheel friendly format. Fork and continuation of Tomaž Šolc's "publicsuffix"
3. aboutcodeAboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code
4. tracecode-toolkit-straceTrace software components, packages and files between Development/Source and Deployment/Distribution/Binaries codebases - strace build analysis
5. vulnerablecodeA free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
6. aboutcode-toolkit✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
7. scancode.ioScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!