FAQs

You can’t find what you’re looking for? Below you’ll find answers to a few of our frequently asked questions.

How can I run a scan?

You simply start by creating a new project and run the appropriate pipeline.

ScanCode.io offers several Built-in Pipelines depending on your input:

  • Docker image

  • Codebase drop

  • Package archive

  • Root filesystem

  • ScanCode-toolkit results

  • Manifest files

  • Deploy and develop codebase drops

What is the difference between scan_codebase and scan_package pipelines?

The key differences are that the scan_package pipeline treats the input as if it were a single package, such as a package archive, and computes a License clarity and a Scan summary to aggregate the package scan data:

_images/license-clarity-scan-summary.png

In contrast, the scan_codebase pipeline is more of a general purpose pipeline and make no such single package assumption. It does not not compute such summary.

You can also have a look at the different steps for each pipeline from the Built-in Pipelines documentation:

Can I pause/resume a running pipeline?

You can stop/terminate a running pipeline but it will not be possible to resume it. Although, as a workaround if you run ScanCode.io on desktop or laptop, you can pause/unpause the running Docker containers with:

docker compose pause  # to pause/suspend
docker compose unpause  # to unpause/resume

What tool does ScanCode.io use to analyze docker images?

The following tools and libraries are used during the docker images analysis pipeline:

The pipeline documentation is available at Docker Image Analysis and its source code at docker.py. It is hopefully designed to be simple and readable code.

I am unable to run ScanCode.io on Windows?

Unfortunately, we never tested nor support Windows. Please refer to our Installation section for more details on how to install ScanCode.io locally.

Is it possible to compare scan results?

At the moment, you can only download full reports in JSON and XLSX formats. Please refer to our Output Files section for more details on the output formats.

How can I trigger a pipeline scan from a CI/CD, such as Jenkins, TeamCity or Azure Devops?

You can use the REST API to automate your project or pipeline management.