TrustSource

you always wanted to know

which licenses your repository effectively contains?

Scan now!

it's free...!

some_bg_visual

Are you familiar with the difference between

effective and declared licenses?

Read more!

What is the DeepScan project?

DeepScan has been initially developed by the TrustSource DEV-Team to improve existing license and copyright identification. Actually we thought that copyright identification should not be rule based – as with scancode. But after studying several approaches, we came to the conclusion, that due to the already existing amount of rules scancode can’t be beaten. So we included parts of it for the copyright identification but enhanced the license identification with our similarity analysis approach. To pay back for this valuable input, we decided to open source the complete DeepScan Engine as well.

DeepScan is part of the TrustSource solution, which addresses the open source compliance tasks and processes in total. DeepScan  focusses on scanning repositories. Thus it does not discover the transitive dependencies generated by dynamically integrated components. Please see the CI/CD-scanners of TrustSource (also open source), which could be found here.

Talk at FOSDEM 2021, Feb 7th 2021, where Ian introduces DeepScan

Find our sources at GitHub

Use free hosted version

Get API access

DeepScan Features

Scan Repositories

Identify effective licenses

Identify copyrights

Most programming languages

Compare Structures

Review Results

Why are effective licenses so important?

The answer is simple: Only the effective licenses determine the grants and obligations relevant to you!

Despite many open source products declaring a permissive license like Apache or MIT, they might also contain additional components, pieces of code or  sub-components which have been licensed under different licenses. Whatever is included, you as the distributor will have to cope with all requirements of all licenses you are distributing.

Thus, you must be sure that your distributed codebase will not contain unwanted licenses. Try and see, what you will get! You may use the Web-UI of DeepScan without configuration and/or registration to screen a repository for licenses.

LegalCheck determines license obligations in particular circumstances. Learn more about license interpretation…