Write scan output as pretty-printed JSON to
FILE. This is one of the recommended output
formats and contains all the data scancode
can show along with the YAML output format.
--json-lines FILE
Write scan output as JSON Lines to FILE.
--yaml FILE
Write scan output as YAML to FILE.
This is one of the recommended output
formats and contains all the data scancode
can show along with the JSON output format.
--csv FILE
DEPRECATED: Write scan output as CSV to FILE.
This option is deprecated and will be replaced by
new CSV and tabular output formats in the next
ScanCode release. Visit this issue for details,
and to provide input and feedback:
https://github.com/aboutcode-org/scancode-toolkit/issues/3043
--html FILE
Write scan output as HTML to FILE.
--custom-output
Write scan output to FILE formatted with the
custom Jinja template file.
Mandatory sub-option:
--custom-templateFILE
--custom-template FILE
Use this Jinja template FILE as a custom
template.
Sub-option of: --custom-output
--debian FILE
Write scan output in machine-readable Debian copyright
format to FILE.
--spdx-rdf FILE
Write scan output as SPDX RDF to FILE.
--spdx-tv FILE
Write scan output as SPDX Tag/Value to FILE.
--html-app FILE
[DEPRECATED] Use scancode-workbench
instead. Write scan output as a mini HTML
application to FILE.
--cyclonedx FILE
Write scan output as a CycloneDx 1.3 BOM
in pretty-printed JSON format to FILE
--cyclonedx-xml FILE
Write scan output as a CycloneDx 1.3 BOM
in pretty-printed XML format to FILE
Warning
The html-app feature has been deprecated and you should use ScanCode Workbench instead
to visualize scan results. The official Repository link.
Also refer Visualizing scan results.
Note
You can Output Scan Results in two different file formats simultaniously in one Scan. An
example - scancode-clpieu--json-ppoutput.json--htmloutput.htmlsamples.
Note
All the examples and snippets that follows has been generated by scanning the samples
folder distributed with scancode-toolkit.
If you want to format the output in JSON and print it at stdout, you can replace the JSON filename
with a “-”, like --json-pp- instead of --json-ppoutput.json.
The following command will output the scan results in JSON format to stdout (in the terminal):
Among the ScanCode Output Formats, json is the most important one, and is recommended over
others. ScanCode Workbench and other applications that use ScanCode Result data as input accept
only the json format.
Example
The following code performs a scan on the samples directory, and publishes the results in
json format
scancode-clpieu--jsonoutput.jsonsamples
Note
The default json format prints the whole report without line breaks/spaces/indentations,
which can be ugly to look at.
The entire JSON file is structured in the following manner:
At first some general information on the scan, what options were used, the number of files etc.
And then all the files follow.
{
"headers": [
{
"tool_name": "scancode-toolkit",
"tool_version": "3.1.1",
"options": {
"input": [
"samples/"
],
"--copyright": true,
"--email": true,
"--info": true,
"--json-pp": "output.json",
"--license": true,
"--package": true,
"--url": true
},
"notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/scancode-toolkit/ for support and download.",
"start_timestamp": "2019-10-19T191117.292858",
"end_timestamp": "2019-10-19T191219.743133",
"message": null,
"errors": [],
"extra_data": {
"files_count": 36
}
}
],
"files": [
{
"path": "samples",
"type": "directory",
...
"scan_errors": []
},
{
"path": "samples/README",
"type": "file",
"name": "README",
"base_name": "README",
"extension": "",
"size": 236,
"date": "2019-02-12",
"sha1": "2e07e32c52d607204fad196052d70e3d18fb8636",
"md5": "effc6856ef85a9250fb1a470792b3f38",
"mime_type": "text/plain",
"file_type": "ASCII text",
"programming_language": null,
"is_binary": false,
"is_text": true,
"is_archive": false,
"is_media": false,
"is_source": false,
"is_script": false,
"license_detections": [],
"detected_license_expression": None,
"detected_license_expression_spdx": None,
"copyrights": [],
"holders": [],
"authors": [],
"package_data": [],
"for_packages": [],
"emails": [],
"urls": [],
"files_count": 0,
"dirs_count": 0,
"size_count": 0,
"scan_errors": []
},
{...},
...
]
}
json-pp stands for JSON Pretty-Print format. In the previous format, i.e. Simple json,
the whole output is printed in one line, which isn’t well suited for getting information if
you’re looking at the file itself (or printing at stdout). So this option formats the output
results in json but in a properly spaced and indented manner, and is easy to look at.
The following code performs a scan on the samples directory, and publishes the results in
json-pp format
scancode-clpieu--json-ppoutput.jsonsamples
Example
{"path":"samples/zlib/iostream2/zstream.h","type":"file","name":"zstream.h","base_name":"zstream","extension":".h","size":9283,"date":"2019-02-12","sha1":"fca4540d490fff36bb90fd801cf9cd8fc695bb17","md5":"a980b61c1e8be68d5cdb1236ba6b43e7","sha1_git":"d9a10c0d8e868ebf8da0b3dc95bb0be634c34bfe","mime_type":"text/x-c++","file_type":"C++ source, ASCII text","programming_language":"C++","is_binary":false,"is_text":true,"is_archive":false,"is_media":false,"is_source":true,"is_script":false,"license_detections":["license-expression":"mit-old-style","matches":[{"license_expression":"mit-old-style","score":100.0,"rule_identifier":"mit-old-style_cmr-no_1.RULE","matcher":"2-aho","rule_length":71,"matched_length":71,"match_coverage":100.0,"rule_relevance":100}]"identifier":"mit-old-style-ec759ae0-1234-f138-793e-356789e080c0"],"detected_license_expressions":"mit-old-style","detected_license_expressions_spdx":"LicenseRef-scancode-mit-old-style","copyrights":[{"value":"Copyright (c) 1997 Christian Michelsen Research AS Advanced Computing","start_line":3,"end_line":5}],"holders":[{"value":"Christian Michelsen Research AS Advanced Computing","start_line":3,"end_line":5}],"authors":[],"package_data":[],"emails":[],"urls":[{"url":"http://www.cmr.no/","start_line":7,"end_line":7}],"files_count":0,"dirs_count":0,"size_count":0,"scan_errors":[]},
This is the recommended output option for ScanCode-Toolkit.
Note
The <OUTPUT FORMAT OPTION(s)> includes both the output option and output file name.
For example in the command scancode-clpieu--json-ppoutput.jsonsamples,
--json-ppoutput.json is <OUTPUT FORMAT OPTION(s)>.
Warning
There isn’t a “Default” output option in Versions 3.x onwards, you have to
specify <OUTPUT FORMAT OPTION(s)> explicitly.
SPDX stands for “Software Package and Data Exchange” and is an open standard
for communicating software bill of material information (including components, licenses,
copyrights, and security references).
Example
The following code performs a scan on the samples directory, and publishes the results in
spdx-rdf format
scancode-clpieu--spdx-rdfoutput.spdxsamples
Learn more about SPDX specifications here and in this GitHub
repository.
Here the file is structured as a dictionary of named properties and classes using W3C’s
RDF Technology.
This format is another SPDX variant, with the output file being structured in the following
manner:
The following code performs a scan on the samples directory, and publishes the results in
spdx-tv format
scancode-clpieu--spdx-tvoutput.spdxsamples
A SPDX-TV file starts with
# Document Information
SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
DocumentComment: <text>Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/aboutcode-org/scancode-toolkit/ for support and download.</text>
# Creation Info
Creator: Tool: ScanCode 2.2.1
Created: 2019-09-22T21:55:04Z
After a section titled #Packages, a list follows.
Each File information is listed under a #File title, for each of the files.
FileName
FileChecksum
LicenseConcluded
LicenseInfoInFile
FileCopyrightText
Example
After the files section, there’s a section for licenses under a #Licences title, with the
following information for each license:
ScanCode supports formatting the Output result is a simple html format, to open with your
favorite browser. This helps quick visualization of the detected license/copyright and other
main information in the form of tables.
The following code performs a scan on the samples directory, and publishes the results in
HTML format
scancode-clpieu--htmloutput.htmlsamples
The HTML page generated has these following Tables:
Copyright and Licenses Information
File Information
Package Information
License References (SPDX ID, Links to spdx/scancode/licensedb/License Homepage)
Note
For the license references table it is recommended to pass the --license-references argument.
However, there is a fall back implemented in case the license_references data is missing.
ScanCode also supports formatting the output in a HTML visualization tool, which is more
helpful than the standard HTML format.
Warning
The html-app feature has been deprecated and you should use ScanCode Workbench instead
to visualize scan results. The official Repository link.
Also refer Visualizing scan results.
The following code performs a scan on the samples directory, and publishes the results in
html-app format
scancode -clpieu –html-app output.html samples
The Files scanned are shown in the left sidebar, and the section on the right contains separate
tabs for the following:
License Summary
Copyright Summary
Clues
File Details
Packages
Note
The HTML app also contains a Search option to easily find what you are looking for.
But the HTML app output is deprecated and we recommend using scancode-workbench instead:
https://github.com/aboutcode-org/scancode-workbench.
ScanCode also supports the CycloneDx output format
Please note that this output format is only useful when scanning with the --package option
This output format is particularly useful if you want to process ScanCode results
in downstream tools that can’t process ScanCode’s native JSON output,
but do support CycloneDx BOMs.
