If you're focused on identifying vulnerabilities, managing security risks, or performing software composition analysis, AboutCode provides vulnerability scanning and security analysis capabilities.
- New to Vulnerability Scanning?
  - :ref:`start-scanning-code` - Run your first scan
  - https://public.vulnerablecode.io/ - Explore the vulnerability database
- Analyzing Security Risks
  - :ref:`vulnerablecode-project` - Query CVEs and security advisories
  - :ref:`consume-sboms` - Enrich SBOMs with vulnerability data
- Integration & Automation
  - :ref:`persona-developer-integrator` - API and CI/CD integration
- VulnerableCode - Free, open vulnerability database (https://public.vulnerablecode.io/)
- ScanCode.io - Scan packages and containers for vulnerabilities
- PurlDB - Package metadata enrichment (https://public.purldb.io/)
AboutCode uses Package URLs (PURLs) as universal package identifiers and aggregates vulnerability data from NVD, GitHub Security Advisories, OSV, and ecosystem-specific databases. All data includes severity scores, affected version ranges, and fix information.
- :ref:`persona-legal-compliance` - If you also handle license compliance
- :ref:`persona-developer-integrator` - For CLI and API documentation