Application Settings

ScanCode.io is configured with environment variables stored in a .env file.

The .env file is created at the root of the ScanCode.io codebase during its installation. You can configure your preferences using the following settings in the .env file.

Note

ScanCode.io is based on the Django web framework and its settings system. The list of settings available in Django is documented at Django Settings.

Tip

Settings specific to ScanCode.io are all prefixed with SCANCODEIO_.

DATABASE

The database can be configured using the following settings:

SCANCODEIO_DB_HOST=localhost
SCANCODEIO_DB_NAME=scancodeio
SCANCODEIO_DB_USER=user
SCANCODEIO_DB_PASSWORD=password
SCANCODEIO_DB_PORT=5432

SCANCODEIO_REQUIRE_AUTHENTICATION

By default, the ScanCode.io Web UI and REST API are available without any authentication.

The authentication system can be enable with this settings:

SCANCODEIO_REQUIRE_AUTHENTICATION=True

Once enabled, all the Web UI views and REST API endpoints will force the user to login to gain access.

A management command $ scanpipe create-user <username> is available to create users and generate their API key for authentication.

See Authentication for details on using the API key authentication system in the REST API.

SCANCODEIO_WORKSPACE_LOCATION

This setting defines the workspace location of a given project. The workspace is the directory where all of the project’s files are stored , such as input, codebase, and output files:

SCANCODEIO_WORKSPACE_LOCATION=/var/scancodeio/workspace/

It defaults to a var/ directory in the local ScanCode.io codebase.

See Project workspace for more details.

SCANCODEIO_PROCESSES

By default, multiprocessing is enabled and configured to use an optimal number of CPUs available on the machine. You can control the number of parallel processes available to ScanCode.io using the SCANCODEIO_PROCESSES setting:

SCANCODEIO_PROCESSES=4

Multiprocessing can be disabled entirely using “0”:

SCANCODEIO_PROCESSES=0

To disable both multiprocessing and threading, use “-1”:

SCANCODEIO_PROCESSES=-1

Note

Multiprocessing and threading are disabled by default on operating system where the multiprocessing start method is not “fork”, such as on macOS.

SCANCODEIO_ASYNC

When enabled, pipeline runs are executed asynchronously, meaning that users can continue using the app while the pipeline are run in the background.

The ASYNC mode is enabled by default in a “Run with Docker” configuration but disabled in a “Local development” setup.

It is possible to enable ASYNC mode in a “local development” setup with the following setting:

SCANCODEIO_ASYNC=True

Once enabled, pipeline runs will be sent to a task queue instead of being executed synchronously in the web server process.

Warning

The ASYNC mode required a Redis server and running a tasks worker using $ make worker.

SCANCODE_TOOLKIT_CLI_OPTIONS

Use this setting to provide any default options for running ScanCode-toolkit.

Note

Refer to ScanCode-toolkit Available Options for the full list of available options.

The following example explicitly defines a timeout value of 60:

SCANCODE_TOOLKIT_CLI_OPTIONS=--timeout 60

SCANCODEIO_PIPELINES_DIRS

This setting defines any additional locations that ScanCode.io will search in for pipelines. It usually includes a list of comma-separated strings containing full paths of additional pipelines directories:

SCANCODEIO_PIPELINES_DIRS=/var/scancodeio/pipelines/,/home/user/pipelines/

SCANCODEIO_POLICIES_FILE

This setting defines the location of the policies file, or policies.yml. A valid policies file is required to enable compliance-related features.

license_policies:
-   license_key: mit
    label: Approved License
    compliance_alert: ''
-   license_key: mpl-2.0
    label: Restricted License
    compliance_alert: warning
-   license_key: gpl-3.0
    label: Prohibited License
    compliance_alert: error
  • Licenses are referenced by the license_key.

  • A Policy is defined with label and compliance_alert.

  • The compliance_alert accepts 3 values: ‘’ for an empty string, warning, and error.

Note

When the policy feature is enabled, the compliance_alert values are displayed in the UI and returned in all downloadable results.

Tip

Check out the License Policies and Compliance Alerts tutorial for in-depth coverage of this feature.

SCANCODEIO_REST_API_PAGE_SIZE

A numeric value indicating the number of objects returned per page in the REST API:

SCANCODEIO_REST_API_PAGE_SIZE=100

Default: 50

Warning

Using a large page size may have an impact on performances.

SCANCODEIO_LOG_LEVEL

By default, only a minimum of logging messages is displayed in the console, mostly to provide some progress about pipeline run execution.

Default: INFO

The DEBUG value can be provided to this setting to see all ScanCode.io debug messages to help track down configuration issues for example. This mode can be enabled globally through the .env file:

SCANCODEIO_LOG_LEVEL=DEBUG

Or, in the context of running a scanpipe command:

$ SCANCODEIO_LOG_LEVEL=DEBUG bin/scanpipe [command]

The web server can be started in DEBUG mode with:

$ SCANCODEIO_LOG_LEVEL=DEBUG make run

TIME_ZONE

A string representing the time zone for the current ScanCode.io installation. By default the UTC time zone is used:

TIME_ZONE=Europe/Paris

Note

You can view a detailed list of time zones here.