A simple idea to keep
software provenance data close to the code
The ABOUT tool and ABOUT files provide a simple
way to document the provenance (origin and
license) and other important or interesting
information about third-party software
components that you use in your project.
The tool is a command line based utility written in
Python, released under Apache 2.0, and is available on
The ABOUT tool helps automate OSS compliance that is needed
throughout the software lifecycle.
Who are we?
The dejacode.org website is hosted by
We are the creators of
which provides a central business system for
software component tracking and reporting.
Our mission is to provide the tools and services
that enable and accelerate component-based software
development. Reusing software components is essential
for the efficient delivery of software products and
systems in every industry.
We also offer professional services to help companies actively identify and manage their software assets, including provenance analysis of open source and other third-party software components.
What we are building
nexB is sponsoring a new community website to foster development and sharing of practical techniques and tools that software development teams can use to document the provenance of open source components.
This initiative is not a replacement for the techniques and tools needed to determine the provenance (origin and license) of software components. Rather we are attacking two problems that you quickly encounter after you complete a baseline analysis of the open source components in your product:
- Software developers need a practical way to access and update license and related information for software components
- Companies need a practical way to comply with open source requirements – primarily attribution and, if necessary, source code redistribution
The website will offer forums for sharing information and host open source projects to develop compliance automation tools. The core idea is to add software component metadata in text files in your codebase and then extract that data for compliance purposes. This approach is simple and adaptable to any software development environment.
We are starting with documentation of how some organizations currently automate compliance with open source license obligations.
To stay on top of what's happening with DejaCode.org enter your email address below