Integrate ScanCode Toolkit with Vulnetix. Scan your codebase for licences, copyrights, and package metadata using ScanCode via uv, then upload the CycloneDX or SPDX SBOM to Vulnetix.
CLI tool, CycloneDX, SPDX, JSON
Install & scan
    $ # Recommended: run without global install
    uv run --with scancode-toolkit scancode --version
    # Or install globally
    pip install scancode-toolkit

    $ uv run --with scancode-toolkit scancode --license --copyright --package --cyclonedx scan-bom.cdx.json .
Run ScanCode Toolkit in CI
Scan on every push and upload the results to Vulnetix:
    - name: Install uv
      run: curl -LsSf https://astral.sh/uv/install.sh | sh
    - name: Run ScanCode
      run: uv run --with scancode-toolkit scancode --license --copyright --package --cyclonedx bom.cdx.json .
    - name: Upload to Vulnetix
      run: vulnetix upload --file bom.cdx.json
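A pre-upload gate that could run between the ScanCode and upload steps, as an added example (not Vulnetix or ScanCode code): it checks that the CycloneDX JSON file is well-formed and flags components that carry no purl or licence. The function name check_bom, the exit-code convention and the sample BOM are assumptions constructed for illustration.

```python
import json
import sys


def check_bom(bom):
    """Return a list of problems; an empty list means the SBOM is fit to upload."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components") or []
    if not components:
        problems.append("no components: the scan recorded no packages")
    for comp in components:
        label = comp.get("purl") or comp.get("name") or "<unnamed>"
        if not comp.get("purl"):
            problems.append(f"{label}: no purl, package identity is ambiguous")
        if not comp.get("licenses"):
            problems.append(f"{label}: no licence recorded")
    return problems


# Constructed sample BOM (not real ScanCode output), used when no path is given.
SAMPLE = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.3",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "vendored-lib", "version": "0.1"},
    ],
}

if __name__ == "__main__":
    # Usage (assumed): python check_bom.py bom.cdx.json
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            bom = json.load(fh)
    else:
        bom = SAMPLE
    found = check_bom(bom)
    for problem in found:
        print(f"SBOM check: {problem}", file=sys.stderr)
    # Non-zero exit fails the CI step so a broken SBOM is not uploaded.
    sys.exit(1 if found else 0)
```

Whether a missing licence should fail the build or only warn is a policy choice; here every finding fails the step.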
Centralise ScanCode Toolkit results in Vulnetix
Upload ScanCode Toolkit CycloneDX, SPDX or JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.