ScanCode CLI

Below is a quick reference of all ScanCode options. For detailed descriptions and examples, please refer to the chapters in the table of contents or the link to the detailed CLI options at the end of each section.

This page lists the same CLI options that --help shows on the command line, with more details and additional references.


Basic options

Option lists are two-column lists of command-line options and descriptions, documenting a program’s options. For example:

-c, --copyright

Scan <input> for copyrights.

Sub-options:

  • --consolidate

-l, --license

Scan <input> for licenses.

Sub-options:

  • --license-references

  • --license-text

  • --license-text-diagnostics

  • --license-diagnostics

  • --license-url-template TEXT

  • --license-score INT

  • --license-clarity-score

  • --consolidate

  • --unknown-licenses

-p, --package

Scan <input> for packages.

Sub-options:

  • --consolidate

--system-package

Scan <input> for installed system package databases.

--package-in-compiled

Scan compiled executable binaries such as ELF, WinPE and Mach-O files, looking for structured package and dependency metadata. Note that looking for packages in binaries makes the package scan slower. Currently supported compiled binaries: Go, Rust.

--package-only

Faster package scan, scanning <input> for system and application packages, only for package metadata. This option skips:

  • license and copyright detection for package metadata

  • package assembly

-e, --email

Scan <input> for emails.

Sub-options:

  • --max-email INT

-u, --url

Scan <input> for urls.

Sub-options:

  • --max-url INT

-i, --info

Scan for and include information such as:

  • Size,

  • Type,

  • Date,

  • Programming language,

  • sha1 and md5 hashes,

  • binary/text/archive/media/source/script flags

  • Additional options through more CLI options

Sub-options:

  • --mark-source

Note

Unlike previous 2.x versions, -c, -l, and -p are not default. If any combination of these options is used, ScanCode performs only those specific tasks, and not the others. For example, scancode -l scans only for licenses, and doesn’t scan for copyright/packages/general information/emails/urls. The only notable exception: a --package scan also has license information for package manifests and top-level packages, which is derived regardless of whether the --license option is used.

Note

These options, i.e. -c, -l, -p, -e, -u, and -i, can be combined into a single short-option group. For example, instead of scancode -c -i -p, you can write scancode -cip and it will be the same.

--generated

Classify automatically generated code files with a flag.

--max-email INT

Report only up to INT emails found in a file. Use 0 for no limit.

Default: 50

Sub-option of: --email

--max-url INT

Report only up to INT urls found in a file. Use 0 for no limit.

Default: 50

Sub-option of: --url

--license-score INTEGER

Do not return license matches with scores lower than this score. A number between 0 and 100.

Default: 0 (i.e. we return all license matches by default).

Here, a bigger number means a better match, i.e. setting a higher license score translates to a higher threshold (with an equal or smaller number of matches).

Sub-option of: --license

--license-text

Include the matched text for the detected licenses in the output report.

Sub-option of: --license

Sub-options:

  • --license-text-diagnostics

--license-url-template TEXT

Set the template URL used for the license reference URLs.

In a template URL, curly braces ({}) are replaced by the license key.

Default: https://scancode-licensedb.aboutcode.org/{}

Sub-option of: --license

--license-text-diagnostics

In the matched license text, include diagnostic highlights that surround words that are not matched with square brackets [].

Sub-option of: --license and --license-text

--license-diagnostics

In license detections, include diagnostic details to figure out the license detection post processing steps applied.

Sub-option of: --license

--unknown-licenses

[EXPERIMENTAL] Detect unknown licenses.

Sub-option of: --license

For more details on the basic CLI options, see Basic options.


Core options

-n, --processes INTEGER

Scan <input> using n parallel processes.

Default: (number of CPUs)-1

-v, --verbose

Print verbose file-by-file progress messages.

-q, --quiet

Do not print summary or progress messages.

--timeout FLOAT

Stop scanning a file if scanning takes longer than a timeout in seconds.

Default: 120

--from-json

Load codebase from one or more existing JSON scans to:

  • apply post-scan options to do additional processing of scan results

  • merge multiple JSON scans into one.

--max-in-memory INTEGER

Maximum number of files and directories scan details kept in memory during a scan. Additional files and directories scan details above this number are cached on-disk rather than in memory. Use 0 to use unlimited memory and disable on-disk caching. Use -1 to use only on-disk caching.

Default: 10000

--max-depth INTEGER

Descend at most INTEGER levels of directories including and below the starting point. INTEGER must be positive or zero for no limit.

Default: 0

For more details on the core CLI options, see Core options.


Output formats

--json FILE

Write scan output as compact JSON to FILE.

--json-pp FILE

Write scan output as pretty-printed JSON to FILE. This is one of the recommended output formats and contains all the data scancode can show along with the YAML output format.

--json-lines FILE

Write scan output as JSON Lines to FILE.

--yaml FILE

Write scan output as YAML to FILE. This is one of the recommended output formats and contains all the data scancode can show along with the JSON output format.

--csv FILE

DEPRECATED: Write scan output as CSV to FILE. This option is deprecated and will be replaced by new CSV and tabular output formats in the next ScanCode release. Visit this issue for details, and to provide input and feedback: https://github.com/aboutcode-org/scancode-toolkit/issues/3043

--html FILE

Write scan output as HTML to FILE.

--custom-output FILE

Write scan output to FILE formatted with the custom Jinja template file.

Mandatory sub-option:

  • --custom-template FILE

--custom-template FILE

Use this Jinja template FILE as a custom template.

Sub-option of: --custom-output

--debian FILE

Write scan output in machine-readable Debian copyright format to FILE.

--spdx-rdf FILE

Write scan output as SPDX RDF to FILE.

--spdx-tv FILE

Write scan output as SPDX Tag/Value to FILE.

--html-app FILE

[DEPRECATED] Use scancode-workbench instead. Write scan output as a mini HTML application to FILE.

--cyclonedx FILE

Write scan output as a CycloneDX 1.3 BOM in pretty-printed JSON format to FILE.

--cyclonedx-xml FILE

Write scan output as a CycloneDX 1.3 BOM in pretty-printed XML format to FILE.

Warning

The html-app feature has been deprecated and you should use ScanCode Workbench instead to visualize scan results. See its official repository, and also refer to Visualizing scan results.

For more details on the output format CLI options, see ScanCode output formats.


Controlling output and filters

--strip-root

Strip the root directory segment of all paths.

--full-root

Report full, absolute paths.

Note

The options --strip-root and --full-root can’t be used together, i.e. only one of them may be used in a single scan.

Note

The default is to always include the last directory segment of the scanned path such that all paths have a common root directory.

--ignore-author <pattern>

Ignore a file (and all its findings) if an author contains a match to the <pattern> regular expression.

--ignore-copyright-holder <pattern>

Ignore a file (and all its findings) if a copyright holder contains a match to the <pattern> regular expression.

Note

Note that both the --ignore-author and --ignore-copyright-holder options will ignore a file even if it has other scanned data such as a license or errors.

--only-findings

Only return files or directories with findings for the requested scans. Files and directories without findings are omitted (file information is not treated as findings).

For more details on the output filter CLI options, see Controlling ScanCode output and filters.


Pre-scan options

--ignore <pattern>

Ignore files matching <pattern>.

--include <pattern>

Include files matching <pattern>.

--facet <facet_pattern>

Here <facet_pattern> represents <facet>=<pattern>. Add the <facet> to files with a path matching <pattern>.

Sub-options:

  • --tallies-by-facet

For more details on the pre-scan CLI options, see Pre-scan options.


Post-scan options

--mark-source

Set the “is_source” flag to true for directories that contain over 90% of source files as direct children and descendants. Count the number of source files in a directory as a new “source_file_counts” attribute.

Sub-option of: --info

--consolidate

Group resources by Packages or license and copyright holder and return those groupings as a list of consolidated packages and a list of consolidated components. The --consolidate option will be deprecated in a future version of scancode-toolkit as top level packages now provide improved consolidated data.

Sub-option of: --copyright, --license and --package.

--filter-clues

Filter redundant duplicated clues already contained in detected licenses, copyright texts and notices.

--license-clarity-score

Compute a summary license clarity score at the codebase level.

Sub-option of: --classify.

--license-policy FILE

Load a License Policy file and apply it to the scan at the Resource level.

--license-references FILE

Returns reference data for all licenses and license rules present in detections.

--classify

Classify files with flags telling whether a file is a legal, readme or test file, etc.

Sub-options:

  • --license-clarity-score

  • --tallies-key-files

  • --summary

--summary

Summarize scans by providing declared origin information and other detected info at the codebase attribute level.

Sub-option of:

  • --classify

--todo

Identify license and package detections which need review as there are potential issues with the detections. Lists all the unique ambiguous detections with references to the file path and line numbers, detection details and review comments to help explain the detection issue.

--tallies

Summarize license, copyright and other scans at the codebase level with occurrence counts.

Sub-options:

  • --tallies-by-facet

  • --tallies-key-files

  • --tallies-with-details

--tallies-by-facet

Summarize license, copyright and other scans and group the results by facet.

Sub-option of: --tallies and --facet.

--tallies-key-files

Summarize license, copyright and other scans for key, top-level files, with occurrence counts. Key files are top-level codebase files such as COPYING, README and package manifests as reported by the --classify option: “is_legal”, “is_readme”, “is_manifest” and “is_top_level” flags.

Sub-option of: --classify and --summary.

--tallies-with-details

Summarize license, copyright and other scans at the codebase level with occurrence counts, while also keeping intermediate details at the file and directory level.

For more details on the post-scan CLI options, see Post-scan options.


Other CLI commands


Documentation/help options

-h, --help

Show the help message and exit.

--examples

Show command examples and exit.

-A, --about

Show information about ScanCode and licensing and exit.

-V, --version

Show the version and exit.

--list-packages

Show the list of supported package types and exit.

--plugins

Show the list of available ScanCode plugins and exit.

--print-options

Show the list of selected options and exit.


Detailed reference for CLI options/commands