Why ScanCode?

We could not find an existing tool (open source or commercial) meeting our needs:

  • usable from the command line or as library

  • running on Linux, Mac and Windows

  • written in a higher level language such as Python

  • easy to extend and evolve

  • accurately detecting most licenses and copyrights

How is ScanCode different from Debian licensecheck?

At a high level, ScanCode detects more licenses and copyrights than licensecheck does, reporting more details about the matches. It is likely slower.

In more details: ScanCode is a Python app using a data-driven approach (as opposed to carefully crafted regex like licensecheck uses):

  • for license scan, the detection is based on a (large) number of license full texts (~1800) and license notices, mentions and variants (~29,000 and is data- driven as opposed to be regex-driven. It detects and reports exactly where license text is found in a file. Just throw in more license texts to improve the detection.

  • for copyright scan, the approach is natural language parsing grammar; it has a few thousand tests.

  • licenses and copyrights are detected in texts and binaries

  • licenses and copyrights are also detected in structured package manifests

Licensecheck (available here for reference: https://metacpan.org/pod/App::Licensecheck ) is a Perl script using hand- crafted regex patterns to find typical copyright statements and about 50 common licenses. There are about 50 license detection tests.

A quick test (in July 2015, before a major refactoring, but for this may still be still valid) shows several things that are not detected by licensecheck that are detected by ScanCode.

How can I integrate ScanCode in my application?

More specifically, does this tool provide an API which can be used by us for the integration with my system to trigger the license check and to use the result?

In terms of API, there are two stable entry points:

#. The JSON output when you use it as a command line tool from any language or when you call the scancode.cli.scancode function from a Python script.

#. Otherwise the scancode.cli.api module provides a simple function if you are only interested in calling a certain service on a given file (such as license detection or copyright detection)

Can I install ScanCode in a Unicode path?

Yes but but it is best to void this for now. See https://github.com/nexB/scancode- toolkit/issues/867

There is a bug in virtualenv https://github.com/pypa/virtualenv/issues/457 that is now fixed but has not been extensively tested for ScanCode.