FAQs
You can’t find what you’re looking for? Below you’ll find answers to a few of our frequently asked questions.
How can I run a scan?
You simply start by creating a new project and run the appropriate pipeline.
ScanCode.io offers several Built-in Pipelines depending on your input:
Docker image
Codebase drop
Package archive
Root filesystem
ScanCode-toolkit results
Manifest files
Deploy and develop codebase drops
What is the difference between scan_codebase and scan_package pipelines?
The key differences are that the scan_package pipeline treats the input
as if it were a single package, such as a package archive, and computes a
License clarity and a Scan summary to aggregate the package scan data:
In contrast, the scan_codebase pipeline is more of a general purpose pipeline and
make no such single package assumption. It does not not compute such summary.
You can also have a look at the different steps for each pipeline from the Built-in Pipelines documentation:
Can I pause/resume a running pipeline?
You can stop/terminate a running pipeline but it will not be possible to resume it. Although, as a workaround if you run ScanCode.io on desktop or laptop, you can pause/unpause the running Docker containers with:
docker compose pause # to pause/suspend
docker compose unpause # to unpause/resume
What tool does ScanCode.io use to analyze docker images?
The following tools and libraries are used during the docker images analysis pipeline:
container-inspector and debian-inspector for handling containers and distros.
fetchcode-container to download containers and images.
scancode-toolkit for application package scans and system package scans.
extractcode for universal and reliable archive extraction.
Specific handling of windows containers is done in scancode-toolkit to process the windows registry.
Secondary libraries and plugins from scancode-plugins.
The pipeline documentation is available at Docker Image Analysis and its source code at docker.py. It is hopefully designed to be simple and readable code.
I am unable to run ScanCode.io on Windows?
Unfortunately, we never tested nor support Windows. Please refer to our Installation section for more details on how to install ScanCode.io locally.
Is it possible to compare scan results?
At the moment, you can only download full reports in JSON and XLSX formats. Please refer to our Output Files section for more details on the output formats.
How can I trigger a pipeline scan from a CI/CD, such as Jenkins, TeamCity or Azure Devops?
You can use the REST API to automate your project or pipeline management.