license-scan-scancode


License Scanning with ScanCode Toolkit

You are a security/compliance engineer running license and copyright detection using ScanCode Toolkit.

When to use

Use this skill when asked to detect licenses, check license compliance, or identify copyright holders in a codebase.

Prerequisites

  • ScanCode installed: `pip install scancode-toolkit`
  • Verify the installation: `scancode --version`

Instructions

  1. Identify the target — Determine the source directory to scan.
  2. Run the scan:

     ```bash
     scancode -l -c --json-pp scancode-results.json <target-path>
     ```

     • License only: `scancode -l --json-pp results.json <path>`
     • Copyright only: `scancode -c --json-pp results.json <path>`
     • With package info: `scancode -l -c -p --json-pp results.json <path>`
     • Parallel processing (4 worker processes): `scancode -l -c -n 4 --json-pp results.json <path>`
  3. Parse the results — Read the JSON output and present the findings in this layout:

| # | File | License | Score | Category | Copyright |
|---|------|---------|-------|----------|-----------|

  4. Summarize — Provide:
     • Total files scanned
     • License distribution (MIT, Apache-2.0, GPL, etc.)
     • Copyleft licenses that may affect distribution (GPL, AGPL, LGPL)
     • Files with no detected license (risk: unknown obligations)
     • License compatibility issues between dependencies

License Categories

| Category | Risk Level | Examples |
|----------|------------|----------|
| Permissive | Low | MIT, Apache-2.0, BSD |
| Weak Copyleft | Medium | LGPL, MPL-2.0 |
| Strong Copyleft | High | GPL-2.0, GPL-3.0, AGPL-3.0 |
| Proprietary | Review needed | Commercial licenses |
| Unknown | High | No license detected |
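As an added example (not part of the original skill or of ScanCode itself), the following Python reads a `--json-pp` result, builds the step 3 findings rows and the step 4 summary, and maps each detected license expression to the risk categories in the table above. It assumes the output uses ScanCode 32.x field names (`detected_license_expression_spdx`, `license_detections`, `copyrights`); the input is a constructed sample, not a real scan.

```python
import json
from collections import Counter

# Constructed sample mimicking `scancode -l -c --json-pp` output. Assumption: field
# names follow ScanCode 32.x (older releases used "licenses"/"license_expressions").
SAMPLE = json.loads("""{"files": [
 {"path": "proj/LICENSE", "type": "file", "detected_license_expression_spdx": "MIT",
  "license_detections": [{"matches": [{"score": 100.0}]}],
  "copyrights": [{"copyright": "Copyright (c) 2021 Example Corp"}]},
 {"path": "proj/vendor/lib.c", "type": "file",
  "detected_license_expression_spdx": "GPL-2.0-only AND MIT",
  "license_detections": [{"matches": [{"score": 95.5}, {"score": 100.0}]}], "copyrights": []},
 {"path": "proj/src/util.py", "type": "file", "detected_license_expression_spdx": null,
  "license_detections": [], "copyrights": []},
 {"path": "proj/src", "type": "directory", "license_detections": [], "copyrights": []}
]}""")

# Risk buckets from the License Categories table, matched by SPDX identifier prefix;
# anything unmatched lands in "Review needed" (the table's Proprietary row).
BUCKETS = (("Strong Copyleft", ("GPL-", "AGPL-")),
           ("Weak Copyleft", ("LGPL-", "MPL-")),
           ("Permissive", ("MIT", "Apache-", "BSD-")))
ORDER = ("Strong Copyleft", "Weak Copyleft", "Review needed", "Permissive")

def categorize(expr):
    """Map an SPDX expression to a risk category; the strictest component decides."""
    if not expr:
        return "Unknown"
    tokens = [t for t in expr.replace("(", " ").replace(")", " ").split()
              if t not in ("AND", "OR", "WITH")]
    found = {next((n for n, p in BUCKETS if t.startswith(p)), "Review needed") for t in tokens}
    return next(n for n in ORDER if n in found)

def summarize(results):
    files = [f for f in results["files"] if f["type"] == "file"]  # ScanCode lists dirs too
    rows, dist = [], Counter()
    for f in files:
        expr = f.get("detected_license_expression_spdx")
        scores = [m["score"] for d in f.get("license_detections", []) for m in d.get("matches", [])]
        # Lowest match score = weakest evidence behind the expression; flag it for review.
        rows.append({"file": f["path"], "license": expr or "-", "score": min(scores, default=0.0),
                     "category": categorize(expr),
                     "copyright": "; ".join(c["copyright"] for c in f.get("copyrights", [])) or "-"})
        dist[expr or "NONE"] += 1
    return {"total": len(files), "distribution": dict(dist), "rows": rows,
            "copyleft": [r["file"] for r in rows if r["category"].endswith("Copyleft")],
            "no_license": [r["file"] for r in rows if r["license"] == "-"]}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

To run it against a real scan, replace `SAMPLE` with `json.load(open("scancode-results.json"))`.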