aboutcode-org · DennisClark · Jun 26, 2025 · Jun 26, 2025 · Jun 26, 2025 · Jun 26, 2025
diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst
@@ -4,13 +4,38 @@
 AboutCode Project Overview
 ==========================
 
-The primary current AboutCode projects are:
+Primary AboutCode Projects
+--------------------------
 
 .. toctree::
    :maxdepth: 2
 
-   aboutcode-projects/scancode-toolkit-project
    aboutcode-projects/scancodeio-project
-   aboutcode-projects/scancode-workbench-project
    aboutcode-projects/vulnerablecode-project
+   aboutcode-projects/purldb-project
+   aboutcode-projects/scancode-toolkit-project
+   aboutcode-projects/scancode-workbench-project
+   aboutcode-projects/dejacode-project
+
+Supporting AboutCode Projects
+-----------------------------
+
+.. toctree::
+   :maxdepth: 2
+
    aboutcode-projects/aboutcode-toolkit-project
+
+Getting Started
+---------------
+
+.. toctree::
+   :maxdepth: 2
+
+   getting-started/manage-license-policies
+
+   getting-started/create-sboms
+
+   getting-started/consume-sboms
+
+   getting-started/cra-compliance
+
diff --git a/docs/source/aboutcode-projects/dejacode-project.rst b/docs/source/aboutcode-projects/dejacode-project.rst
@@ -0,0 +1,33 @@
+.. _dejacode-project:
+
+DejaCode
+========
+
+`DejaCode <https://github.com/aboutcode-org/dejacode>`_: is a Cloud
+application server that automates open source license compliance and ensures
+software supply chain integrity. It is a comprehensive enterprise-level application,
+powered by `ScanCode <https://github.com/nexB/scancode-toolkit>`_,
+the industry-leading code scanner.
+
+* Run scans and track all the open source and third-party products and
+  components used in your software.
+* Apply usage policies at the license or component level,
+  integrate into ScanCode to ensure compliance.
+* Capture software inventories (SBOMs), generate compliance artifacts, and keep
+  historical data.
+* Ensure FOSS compliance with enterprise-grade features and integrations for DevOps
+  and software systems.
+* Scan a software package, simply by providing its Download URL, to get comprehensive
+  details of its composition and create an SBOM.
+* Load software package data into DejaCode with the integration for the open source
+  ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM.
+* Track and report vulnerability tracking and reporting by integrating with the open
+  source VulnerableCode project.
+* Create, publish and share SBOM documents in DejaCode, including detailed attribution
+  documentation and custom reports in multiple file formats and standards, such as
+  CycloneDX and SPDX.
+
+Read more at: https://dejacode.readthedocs.io
+
+Get the code at: https://github.com/aboutcode-org/dejacode
+
diff --git a/docs/source/aboutcode-projects/purldb-project.rst b/docs/source/aboutcode-projects/purldb-project.rst
@@ -0,0 +1,26 @@
+.. purldb-project:
+
+PurlDB
+======
+
+`PurlDB <https://github.com/aboutcode-org/purldb>`_: is a set of
+tools to create and expose a database of purls (Package URLs). This project is
+sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and
+nexB for https://www.aboutcode.org/
+
+The PurlDB tools include:
+
+* PackageDB that is the reference model (based on ScanCode toolkit) that contains
+  package data with PURL (Package URLs) being a first class citizen.
+* MineCode that contains utilities to mine package repositories
+* MatchCode that contains utilities to index package metadata and resources for
+  matching
+* MatchCode.io that provides package matching functionalities for codebases
+* ClearCode that contains utilities to mine Clearlydefined for package data
+* purldb-toolkit CLI utility and library to use the PurlDB, its API and various
+  related libraries.
+
+Read more at: https://purldb.readthedocs.io
+
+Get the code at: https://github.com/aboutcode-org/purldb
+
diff --git a/docs/source/getting-started/consume-sboms.rst b/docs/source/getting-started/consume-sboms.rst
@@ -0,0 +1,97 @@
+.. _consume-sboms:
+
+Use AboutCode to consume SBOMs from your suppliers
+==================================================
+
+You can use **ScanCode.io** to consume SBOMs from your suppliers. ScanCode.io will
+identify all the licenses associated with your codebase resources, highlighting the ones
+that need attention based on your policies. ScanCode.io also identifies and highlights
+software vulnerabilities.
+
+You can also use **DejaCode** to consume SBOMs from your suppliers, generally in the
+context of an SBOM that you intend to use in one of your own products.
+
+1. Install AboutCode Projects
+-----------------------------
+
+**Install ScanCode.io**
+
+https://scancodeio.readthedocs.io/en/latest/installation.html
+
+**Install DejaCode.**
+
+https://dejacode.readthedocs.io/en/latest/installation.html
+
+**Setup your own Dataspace in DejaCode**
+
+https://dejacode.readthedocs.io/en/latest/dataspace.html
+
+.. note::
+    Not ready to install your own instance of DejaCode? Consider taking a look at
+    the DejaCode public evaluation site to take a test drive, and if you have specific
+    requirements, you may also request a private SaaS evaluation dataspace.
+    See https://public.dejacode.com/account/register/
+
+Configure DejaCode to integrate with ScanCode.io. See
+
+https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio
+
+**Install PurlDB**
+
+https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html
+
+Configure DejaCode to integrate with your PurlDB instance. See:
+
+https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb
+
+.. note::
+    Not ready to install your own instance of PurlDB? You can configure DejaCode to
+    integrate with the public version at https://public.purldb.io/
+
+**Install VulnerableCode**
+
+https://vulnerablecode.readthedocs.io/en/latest/installation.html#installation
+
+Configure Dejacode to integrate with your Vulnerablecode instance.
+
+https://dejacode.readthedocs.io/en/latest/dataspace.html#enable-vulnerablecodedb-service
+
+.. note::
+    Not ready to install your own instance of VulnerableCode? You can configure DejaCode
+    to integrate with the public version at https://public.vulnerablecode.io/
+
+
+2. Load Package Data from SBOMs to ScanCode.io
+----------------------------------------------
+
+Create a new Project in ScanCode.io .
+
+https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project
+
+Load package data from one or more SBOMs to your Project using the load_sbom Pipeline.
+
+https://scancodeio.readthedocs.io/en/latest/built-in-pipelines.html#load-sbom
+
+Review the details in your ScanCode.io project.
+
+Export the results in the appropriate format to share with your team.
+
+https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files
+
+
+3. Import SBOM data to a DejaCode Product
+-----------------------------------------
+
+Create a new Product in DejaCode for comprehensive analysis and action.
+
+https://dejacode.readthedocs.io/en/latest/tutorial-1.html
+
+Load an SBOM to your Dejacode Product.
+
+https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#load-an-sbom-to-your-product
+
+Review and edit your Product in DejaCode. Enrich the data as needed.
+
+Generate Attribution and SBOMs from DejaCode Products.
+
+https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#tutorial-5-working-with-sboms-in-a-product
diff --git a/docs/source/getting-started/cra-compliance.rst b/docs/source/getting-started/cra-compliance.rst
@@ -0,0 +1,11 @@
+.. _cra-compliance:
+
+Use AboutCode to support CRA compliance
+=======================================
+
+The AboutCode stack provides you with the tools you need to support CRA Compliance
+activities, including code scanning and analysis, license identification, vulnerability
+management, and SBOM generation.
+
+https://dejacode.readthedocs.io/en/latest/reference-3-cravex.html
+
diff --git a/docs/source/getting-started/create-sboms.rst b/docs/source/getting-started/create-sboms.rst
@@ -0,0 +1,96 @@
+.. _create-sboms:
+
+Use AboutCode to create SBOMs for your products
+===============================================
+You can use **ScanCode.io** to create an SBOM from a scanned package, codebase or
+product. ScanCode.io will identify all the licenses associated with the scanned object,
+highlighting the licenses that need attention based on your policies. You can also use
+ScanCode.io to identify software vulnerabilities. With its library of standard and
+custom pipelines, ScanCode.io performs a deep and comprehensive scanning to meet your
+analysis requirements.
+
+If you need to edit the results of a scan, **Dejacode** will enable you to import those
+results into a product, review your product inventories, assert license conclusions,
+and record your analysis and actions related to any licenses that require attention.
+You can also record your analysis and actions related to any software vulnerabilities
+that have been discovered. You can then use DejaCode to create SBOMs for your products.
+
+1. Install AboutCode Projects
+-----------------------------
+
+**Install DejaCode.**
+
+https://dejacode.readthedocs.io/en/latest/installation.html
+
+**Setup your own Dataspace in DejaCode**
+
+https://dejacode.readthedocs.io/en/latest/dataspace.html
+
+.. note::
+    Not ready to install your own instance of DejaCode? Consider taking a look at
+    the DejaCode public evaluation site to take a test drive, and if you have specific
+    requirements, you may also request a private SaaS evaluation dataspace.
+    See https://public.dejacode.com/account/register/
+
+**Install ScanCode.io**
+
+https://scancodeio.readthedocs.io/en/latest/installation.html
+
+Configure DejaCode to integrate with ScanCode.io. See
+
+https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio
+
+**Install PurlDB**
+
+https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html
+
+Configure DejaCode to integrate with your PurlDB instance. See:
+
+https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb
+
+.. note::
+    Not ready to install your own instance of PurlDB? You can configure DejaCode to
+    integrate with the public version at https://public.purldb.io/
+
+**Install VulnerableCode**
+
+https://vulnerablecode.readthedocs.io/en/latest/installation.html#installation
+
+Configure Dejacode to integrate with your Vulnerablecode instance.
+
+https://dejacode.readthedocs.io/en/latest/dataspace.html#enable-vulnerablecodedb-service
+
+.. note::
+    Not ready to install your own instance of VulnerableCode? You can configure DejaCode
+    to integrate with the public version at https://public.vulnerablecode.io/
+
+
+2. Scan software using ScanCode.io
+----------------------------------
+
+Create new Projects in ScanCode.io to scan packages, codebases, or products. You can
+also load inventories (scan results) created by ScanCode-Toolkit. You can specify
+the exact pipelines to use for particular platforms and technologies.
+
+https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project
+
+Export the scan results in the appropriate format to share with your team. ScanCode.io
+will report details of the identified packages if you choose to export SBOMs.
+
+https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files
+
+
+3. Import scan results to DejaCode products
+-------------------------------------------
+
+Create new Products in DejaCode for comprehensive analysis and action. DejaCode allows
+you and your team members to edit a Product inventory as needed to assert license
+choices and conclusions, and to document your vulnerability status.
+
+https://dejacode.readthedocs.io/en/latest/tutorial-1.html
+
+Generate Attribution and SBOMs from DejaCode Products. You can generate SBOMs in both
+SPDX and CycloneDX (inlucing VEX) formats.
+
+https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#tutorial-5-working-with-sboms-in-a-product
+
diff --git a/docs/source/getting-started/manage-license-policies.rst b/docs/source/getting-started/manage-license-policies.rst
@@ -0,0 +1,59 @@
+.. _manage-license-policies:
+
+Use AboutCode to manage and communicate license policies
+========================================================
+
+You can define the Usage Policy choices that may apply to various application object
+types such as Licenses, Components, Subcomponent relationships, and Packages.
+For each application object type, you can specify the Usage Policy label text, icon,
+and icon color for each relevant policy position that you need to communicate to your
+users. Examples include Recommended, Approved, Restricted, and Prohibited.
+
+1. Install AboutCode Projects
+-----------------------------
+
+**Install DejaCode.**
+
+https://dejacode.readthedocs.io/en/latest/installation.html
+
+**Setup your own Dataspace in DejaCode**
+
+https://dejacode.readthedocs.io/en/latest/dataspace.html
+
+.. note::
+    Not ready to install your own instance of DejaCode? Consider taking a look at
+    the DejaCode public evaluation site to take a test drive, and if you have specific
+    requirements, you may also request a private SaaS evaluation dataspace.
+    See https://public.dejacode.com/account/register/
+
+2. Create Your Usage Policies
+-----------------------------
+
+You can copy the Reference data usage policies to your dataspace for a quick start.
+Modify them to fit your specific requirements.
+
+For details, see https://dejacode.readthedocs.io/en/latest/howto-1.html
+
+Assign your usage policies to licenses. For details, see
+https://dejacode.readthedocs.io/en/latest/howto-1.html#assign-your-usage-policies-to-licenses
+
+Make your usage policies visible to DejaCode users. For details, see
+https://dejacode.readthedocs.io/en/latest/howto-1.html#make-usage-policies-visible-to-your-users
+
+3. Export Your Usage Policies
+-----------------------------
+
+You can export your DejaCode Usage Policies to a file that can be used in other
+applications.
+
+https://dejacode.readthedocs.io/en/latest/howto-1.html#export-license-policy-definitions
+
+You can use your Usage Policies in **ScanCode Toolkit** with the "--license-policy"
+Post-Scan option
+
+https://scancode-toolkit.readthedocs.io/en/stable/cli-reference/list-options.html#all-post-scan-options
+
+You can use your Usage Policies in **ScanCode.io** with a "policies.yml" file
+
+https://scancodeio.readthedocs.io/en/latest/tutorial_license_policies.html#license-policies-and-compliance-alerts
+