DejaCode
Automate open source license compliance and software supply chain integrity
Founded
N/A
Starting Price
Free
Category
Security & IT
Last updated March 24, 2026
About DejaCode
DejaCode is an enterprise-level application by nexB that automates open source license compliance and ensures software supply chain integrity. Powered by ScanCode, it lets you track all open source and third-party components, generate SBOMs in CycloneDX and SPDX formats, apply usage policies, and produce compliance artifacts including attribution documentation. Available as both a cloud-hosted SaaS and on-premises installation, it integrates with VulnerableCode for vulnerability tracking and PurlDB for package reference data.
Pros & Cons
Pros
- Comprehensive open source compliance in a single platform
- Powered by industry-leading ScanCode scanner
- Supports both CycloneDX and SPDX SBOM standards
- Available as SaaS or self-hosted on-premises
- Free open source community edition (AGPL-3.0)
Key Features
Open source license compliance automation
Automatically track and enforce license obligations across your software portfolio
Software composition analysis (SCA)
Identify all open source and third-party components in your codebase
SBOM generation in CycloneDX and SPDX formats
Create, publish and share software bill of materials in industry-standard formats
ScanCode-powered code scanning
Leverage the industry-leading ScanCode engine for deep code and license detection
Vulnerability tracking via VulnerableCode
Monitor aggregated vulnerability data for all tracked components
Package reference data via PurlDB and LicenseDB
Access comprehensive public reference data for packages and licenses
Usage policy management
Apply and enforce usage policies at the license or component level
Pricing
Community (Open Source)
Free
- Self-hosted deployment
- AGPL-3.0 licensed
- Full source code access
- ScanCode integration
- SBOM generation (CycloneDX & SPDX)