Write scan output as pretty-printed JSON to
FILE. This is one of the recommended output
formats and contains all the data scancode
can show along with the YAML output format.
--json-lines FILE
Write scan output as JSON Lines to FILE.
--yaml FILE
Write scan output as YAML to FILE.
This is one of the recommended output
formats and contains all the data scancode
can show along with the JSON output format.
--csv FILE
DEPRECATED: Write scan output as CSV to FILE.
This option is deprecated and will be replaced by
new CSV and tabular output formats in the next
ScanCode release. Visit this issue for details,
and to provide input and feedback:
https://github.com/aboutcode-org/scancode-toolkit/issues/3043
--html FILE
Write scan output as HTML to FILE.
--custom-output
Write scan output to FILE formatted with the
custom Jinja template file.
Mandatory Sub-option:
--custom-templateFILE
--custom-template FILE
Use this Jinja template FILE as a custom
template.
Sub-Option of: --custom-output
--debian FILE
Write scan output in machine-readable Debian copyright
format to FILE.
--spdx-rdf FILE
Write scan output as SPDX RDF to FILE.
--spdx-tv FILE
Write scan output as SPDX Tag/Value to FILE.
--html-app FILE
[DEPRECATED] Use scancode-workbench
instead. Write scan output as a mini HTML
application to FILE.
--cyclonedx FILE
Write scan output as a CycloneDx 1.3 BOM
in pretty-printed JSON format to FILE
--cyclonedx-xml FILE
Write scan output as a CycloneDx 1.3 BOM
in pretty-printed XML format to FILE
Warning
The html-app feature has been deprecated and you should use Scancode Workbench instead
to visualize scan results. The official Repository link.
Also refer How to Visualize Scan results.
Note
You can Output Scan Results in two different file formats simultaniously in one Scan. An
example - scancode-clpieu--json-ppoutput.json--htmloutput.htmlsamples.
Note
All the examples and snippets that follows has been generated by scanning the samples
folder distributed with scancode-toolkit.
If you want to format the output in JSON and print it at stdout, you can replace the JSON filename
with a “-”, like --json-pp- instead of --json-ppoutput.json.
The following command will output the scan results in JSON format to stdout (In the Terminal):
Among the ScanCode Output Formats, json is the most important one, and is recommended over
others. Scancode Workbench and other applications that use Scancode Result data as input accept
only the json format.
The following code performs a scan on the samples directory, and publishes the results in
json format:
scancode-clpieu--jsonoutput.jsonsamples
Note
The default json format prints the whole report without line breaks/spaces/indentations,
which can be ugly to look at.
The entire JSON file is structured in the following manner:
At first some general information on the scan, what options were used, the number of files etc.
And then all the files follow.
{"headers":[{"tool_name":"scancode-toolkit","tool_version":"3.1.1","options":{"input":["samples/"],"--copyright":true,"--email":true,"--info":true,"--json-pp":"output.json","--license":true,"--package":true,"--url":true},"notice":"Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/scancode-toolkit/ for support and download.","start_timestamp":"2019-10-19T191117.292858","end_timestamp":"2019-10-19T191219.743133","message":null,"errors":[],"extra_data":{"files_count":36}}],"files":[{"path":"samples","type":"directory",..."scan_errors":[]},{"path":"samples/README","type":"file","name":"README","base_name":"README","extension":"","size":236,"date":"2019-02-12","sha1":"2e07e32c52d607204fad196052d70e3d18fb8636","md5":"effc6856ef85a9250fb1a470792b3f38","mime_type":"text/plain","file_type":"ASCII text","programming_language":null,"is_binary":false,"is_text":true,"is_archive":false,"is_media":false,"is_source":false,"is_script":false,"license_detections":[],"detected_license_expression":None,"detected_license_expression_spdx":None,"copyrights":[],"holders":[],"authors":[],"package_data":[],"for_packages":[],"emails":[],"urls":[],"files_count":0,"dirs_count":0,"size_count":0,"scan_errors":[]},{...},...]}
json-pp stands for JSON Pretty-Print format. In the previous format, i.e. Simple json,
the whole output is printed in one line, which isn’t well suited for getting information if
you’re looking at the file itself (or printing at stdout). So this option formats the output
results in json but in a properly spaced and indented manner, and is easy to look at.
The following code performs a scan on the samples directory, and publishes the results in
json-pp format:
scancode-clpieu--json-ppoutput.jsonsamples
A sample JSON output for an individual file will look like:
{"path":"samples/zlib/iostream2/zstream.h","type":"file","name":"zstream.h","base_name":"zstream","extension":".h","size":9283,"date":"2019-02-12","sha1":"fca4540d490fff36bb90fd801cf9cd8fc695bb17","md5":"a980b61c1e8be68d5cdb1236ba6b43e7","mime_type":"text/x-c++","file_type":"C++ source, ASCII text","programming_language":"C++","is_binary":false,"is_text":true,"is_archive":false,"is_media":false,"is_source":true,"is_script":false,"license_detections":["license-expression":"mit-old-style","matches":[{"license_expression":"mit-old-style","score":100.0,"rule_identifier":"mit-old-style_cmr-no_1.RULE","matcher":"2-aho","rule_length":71,"matched_length":71,"match_coverage":100.0,"rule_relevance":100}]"identifier":"mit-old-style-ec759ae0-1234-f138-793e-356789e080c0"],"detected_license_expressions":"mit-old-style","detected_license_expressions_spdx":"LicenseRef-scancode-mit-old-style","copyrights":[{"value":"Copyright (c) 1997 Christian Michelsen Research AS Advanced Computing","start_line":3,"end_line":5}],"holders":[{"value":"Christian Michelsen Research AS Advanced Computing","start_line":3,"end_line":5}],"authors":[],"package_data":[],"emails":[],"urls":[{"url":"http://www.cmr.no/","start_line":7,"end_line":7}],"files_count":0,"dirs_count":0,"size_count":0,"scan_errors":[]},
This is the recommended Output option for Scancode Toolkit.
The header information is also formatted in one line (i.e. The First Line of the file).
The whole Output file looks like:
{"headers":[{"tool_name":"scancode-toolkit","tool_version":"3.1.1","options":{"input":["samples/"],"--copyright":true,"--email":true,"--info":true,"--json-lines":"output.json","--license":true,"--package":true,"--url":true},"notice":"Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/scancode-toolkit/ for support and download.","start_timestamp":"2019-10-19T210920.143831","end_timestamp":"2019-10-19T211052.048182","message":null,"errors":[],"extra_data":{"files_count":36}}]}{"files":[{"path":"samples"..."scan_errors":[]}]}{"files":[{"path":"samples/README",..."scan_errors":[]}]}{"files":[{"path":"samples/screenshot.png",..."scan_errors":[]}]}{"files":[{"path":"samples/arch",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz-extract",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz-extract/zlib-1.2.8",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz-extract/zlib-1.2.8/adler32.c",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz-extract/zlib-1.2.8/zlib.h",..."scan_errors":[]}]}{"files":[{"path":"samples/arch/zlib.tar.gz-extract/zlib-1.2.8/zutil.h",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/EULA",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/LICENSE",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses/apache-1.1.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses/apache-2.0.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses/bouncycastle.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses/cpl-1.0.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/licenses/lgpl.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/FixedMembershipToken.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/GuardedBy.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/ImmutableReference.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/RATE_LIMITER.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/RouterStub.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/RouterStubManager.java",..."scan_errors":[]}]}{"files":[{"path":"samples/JGroups/src/S3_PING.java",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/adler32.c",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/deflate.c",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/deflate.h",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/zlib.h",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/zutil.c",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/zutil.h",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/ada",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/ada/zlib.ads",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/dotzlib",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/dotzlib/AssemblyInfo.cs",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/dotzlib/ChecksumImpl.cs",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/dotzlib/LICENSE_1_0.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/dotzlib/readme.txt",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/gcc_gvmat64"..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/gcc_gvmat64/gvmat64.S"..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/infback9",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/infback9/infback9.c",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/infback9/infback9.h",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/iostream2",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/iostream2/zstream.h",..."scan_errors":[]}]}{"files":[{"path":"samples/zlib/iostream2/zstream_test.cpp",..."scan_errors":[]}]}
Note
This jsonlines format also omits other file information like type, name, date,
extension, sha1 and md5 hashes, programming language etc.
SPDX stands for “Software Package and Data Exchange” and is an open standard
for communicating software bill of material information (including components, licenses,
copyrights, and security references).
The following code performs a scan on the samples directory, and publishes the results in
spdx-rdf format:
scancode-clpieu--spdx-rdfoutput.spdxsamples
Learn more about SPDX specifications here and in this GitHub
repository.
Here the file is structured as a dictionary of named properties and classes using W3C’s
RDF Technology.
ScanCode supports formatting the Output result is a simple html format, to open with your
favorite browser. This helps quick visualization of the detected license/copyright and other
main information in the form of tables.
The following code performs a scan on the samples directory, and publishes the results in
HTML format:
scancode-clpieu--htmloutput.htmlsamples
The HTML page generated has these following Tables:
ScanCode also supports formatting the output in a HTML visualization tool, which is more
helpful than the standard HTML format.
Warning
The html-app feature has been deprecated and you should use Scancode Workbench instead
to visualize scan results. The official Repository link.
Also refer How to Visualize Scan results.
The following code performs a scan on the samples directory, and publishes the results in
html-app format:
scancode-clpieu--html-appoutput.htmlsamples
The Files scanned are shown in the left sidebar, and the section on the right contains separate
tabs for the following:
License Summary
Copyright Summary
Clues
File Details
Packages
Note
The HTML app also contains a Search option to easily find what you are looking for.
But the HTML app output is deprecated and we recommend using scancode-workbench instead:
https://github.com/aboutcode-org/scancode-workbench.
Scancode also supports the CycloneDx output format
Please note that this output format is only useful when scanning with the --package option
This output format is particularly useful if you want to process ScanCode results
in downstream tools that can’t process ScanCode’s native JSON output,
but do support CycloneDx BOMs.
To run an example scan on the test resources try:
./scancode--package--cyclonedx=bom.jsontests/formattedcode/data/cyclonedx/simple
If you prefer XML output over JSON, please have a look at the --cyclonedx-xml option instead
While the three built-in output formats are convenient for a verity of use-cases, one may wish to
create their own output template, using the following arguments:
ScanCode makes this very easy, as it uses the popular Jinja2 template engine. Simply pass the path
to the custom template to the --custom-template argument, or drop it in a folder to
src/scancode/templates directory.
For example, if I wanted a simple CLI output I would create a template2.html with the
particular data I wish to see. In this case, I am only interested in the license and copyright
data for this particular scan.