diff --git a/.cspell.json.license b/.cspell.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.cspell.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b316c8340..0285b2bc3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # To get started with Dependabot version updates, you'll need to specify which # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: diff --git a/.github/label-commenter-config.yml b/.github/label-commenter-config.yml index b97804de3..34e9e954f 100644 --- a/.github/label-commenter-config.yml +++ b/.github/label-commenter-config.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + labels: - name: breaking labeled: diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml index 2bca93f2c..ef1615984 100644 --- a/.github/workflows/label-commenter.yml +++ b/.github/workflows/label-commenter.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + name: Label Commenter on: diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 9912adaba..b7d2cc586 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- # The CI runs on ubuntu-22.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md 
diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index 6eb1ca020..41204f18c 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # This is a Github Action workflow that runs daily at 9:15 AM UTC Time. # It checks if any of the scanners listed in the matrix section are outdated. # If a scanner is outdated, it checks if a pull request to upgrade that scanner already exists. diff --git a/.mega-linter.yml b/.mega-linter.yml index 87c7d9aa7..929a17df9 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Configuration file for MegaLinter # See all available variables at https://megalinter.github.io/configuration/ and in linters documentation diff --git a/.prettierrc.yaml b/.prettierrc.yaml index a95cb52bb..0f01d6104 100644 --- a/.prettierrc.yaml +++ b/.prettierrc.yaml @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + bracketSpacing: false \ No newline at end of file diff --git a/.python-version b/.python-version index 0a590336d..c84ebdb5d 100644 --- a/.python-version +++ b/.python-version @@ -1 +1,5 @@ -3.9.10 +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +3.9.10 \ No newline at end of file diff --git a/.reuse/dep5 b/.reuse/dep5 index 371162b16..79f9fdf41 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -2,3 +2,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: secureCodeBox Upstream-Contact: Robert Seedorff Source: https://github.com/secureCodeBox/secureCodeBox + +Files: .github/ISSUE_TEMPLATE/*.md +Copyright: the secureCodeBox authors +License: Apache-2.0 
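Review bot: The `.python-version` hunk puts three `#` comment lines and a blank line ahead of `3.9.10`, and that file is read by version managers and CI setup steps rather than by a YAML or shell parser. Whether leading comment lines are skipped depends on the tool and its version (not confirmed for the consumers in this repository), so a reader that takes the first line as the version would get `#` instead of the pin and could fail or fall back to a different interpreter. The hunk also drops the trailing newline after `3.9.10`. This commit already uses sidecar files for formats without safe comment syntax (for example `.cspell.json.license`), so I would keep `.python-version` as the single line `3.9.10` and add a `.python-version.license` carrying the same two SPDX tags.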
diff --git a/.templates/new-scanner/integration-tests/jest.config.json.license b/.templates/new-scanner/integration-tests/jest.config.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/integration-tests/jest.config.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.templates/new-scanner/parser/__testFiles__/empty.json.license b/.templates/new-scanner/parser/__testFiles__/empty.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/parser/__testFiles__/empty.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.templates/new-scanner/parser/__testFiles__/example.com.json.license b/.templates/new-scanner/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/parser/__testFiles__/example.com.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml index aa5355472..4f6b3b4c4 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -1,2 +1,6 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + rules: document-start: disable diff --git a/UPGRADING.md b/UPGRADING.md index 06c1f0007..6abda8ed5 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -1,3 +1,9 @@ + + # Upgrading ## From 2.X to 3.X diff --git a/auto-discovery/kubernetes/.helmignore b/auto-discovery/kubernetes/.helmignore index 099a1ad68..9c40f99bc 100644 --- a/auto-discovery/kubernetes/.helmignore +++ b/auto-discovery/kubernetes/.helmignore 
@@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + bin/ config/ controller/ diff --git a/auto-discovery/kubernetes/.vscode/launch.json.license b/auto-discovery/kubernetes/.vscode/launch.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/.vscode/launch.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/.vscode/tasks.json.license b/auto-discovery/kubernetes/.vscode/tasks.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/.vscode/tasks.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml index 06b4bd32f..2e43d9f89 100644 --- a/auto-discovery/kubernetes/config/rbac/role.yaml +++ b/auto-discovery/kubernetes/config/rbac/role.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index 39e051795..df56400c2 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 
diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go index 4d6b71b65..22cfa7009 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/controllers/restart_scan.go b/auto-discovery/kubernetes/controllers/restart_scan.go index 0eb9b0761..6ad3847a1 100644 --- a/auto-discovery/kubernetes/controllers/restart_scan.go +++ b/auto-discovery/kubernetes/controllers/restart_scan.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package controllers import ( diff --git a/auto-discovery/kubernetes/controllers/suite_test_util.go b/auto-discovery/kubernetes/controllers/suite_test_util.go index f38848fab..1587dc5e3 100644 --- a/auto-discovery/kubernetes/controllers/suite_test_util.go +++ b/auto-discovery/kubernetes/controllers/suite_test_util.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package controllers import ( diff --git a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go index 9e0d6c643..1706a416b 100644 --- a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go +++ b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package util import ( diff --git a/auto-discovery/kubernetes/pkg/util/gotemplate.go b/auto-discovery/kubernetes/pkg/util/gotemplate.go index 1070cdb3e..db3782635 100644 --- a/auto-discovery/kubernetes/pkg/util/gotemplate.go 
+++ b/auto-discovery/kubernetes/pkg/util/gotemplate.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package util import ( diff --git a/auto-discovery/kubernetes/pkg/util/util_suite_test.go b/auto-discovery/kubernetes/pkg/util/util_suite_test.go index 9a34451a4..29beb01b1 100644 --- a/auto-discovery/kubernetes/pkg/util/util_suite_test.go +++ b/auto-discovery/kubernetes/pkg/util/util_suite_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package util_test import ( diff --git a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore index 1c9d29431..ee0eeed1b 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore +++ b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore @@ -1,2 +1,6 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + integration-test/* venv/* \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile index e2e60f8ef..54efd3e02 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + FROM python:3.11-alpine COPY requirements.txt . diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Makefile b/auto-discovery/kubernetes/pull-secret-extractor/Makefile index f19fc89f9..bce3246e9 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Makefile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Makefile @@ -1,4 +1,3 @@ - # SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 
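Review bot: The header added to `pull-secret-extractor/.dockerignore` uses `//`, which is not comment syntax in a `.dockerignore`; only lines starting with `#` are skipped, so these three lines are parsed as exclusion patterns. They are unlikely to match a real path, so `integration-test/*` and `venv/*` should still be kept out of the build context, but the file now carries patterns that only look like comments. Use the same form as the `.helmignore` files in this commit: `# SPDX-FileCopyrightText: the secureCodeBox authors`, `#`, `# SPDX-License-Identifier: Apache-2.0`.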
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py index fd51559c2..d8a8039ff 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + legacyDefaultDomain = "index.docker.io" defaultDomain = "docker.io" officialRepoName = "library" diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js index 2bcdca4c9..2ce6990b2 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js 
@@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + const k8s = require("@kubernetes/client-node"); const kc = new k8s.KubeConfig(); diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh index f240e246e..f72670cbb 100755 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh @@ -1,5 +1,9 @@ #!/bin/sh +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + cat < + ## Usage The auto-discovery-secret-extraction container should be used as an initContainer to enable Trivy (or other container scan tools) to scan images from private docker registries. The container expects the imageID for which it should find the corresponding secret and the name of the temporary secret as commandline arguments. The initContainer will then read secrets mounted as a volume under `/secrets` and check which secret belongs to the domain of the provided imageID. After the correct secret is identified it will create a temporary secret which will contain the credentials of the private registry of the provided imageID. The temporary secret will have an `ownerReference` to the pod in which this container is running in. This means that the temporary secret will be automatically removed when the scan of the pod is finished. diff --git a/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py index 1e9fa4ad8..1730a7dce 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + import glob import json import sys diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py index 38c5cd945..945c84dd9 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + from unittest import TestCase from docker_image import get_domain_from_docker_image diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py index 52cd45330..a0a6191eb 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + import sys import unittest diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license 
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/bin/npm-check-updates.sh b/bin/npm-check-updates.sh index ef024aaca..8a05a781a 100755 --- a/bin/npm-check-updates.sh +++ b/bin/npm-check-updates.sh @@ -1,5 +1,9 @@ #!/bin/bash + +# SPDX-FileCopyrightText: the secureCodeBox authors # +# SPDX-License-Identifier: Apache-2.0 + # Applies all MINOR updates to all `package.json` files using `ncu -u -t minor` # in the repository and updates # the `package-lock.json` using `npm i` diff --git a/bin/npm-ci-all.sh b/bin/npm-ci-all.sh index 05ff2e5f8..09948500f 100755 --- a/bin/npm-ci-all.sh +++ b/bin/npm-ci-all.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + set -euo pipefail if [ -z "${PROJECT_DIR:-}" ]; then 
diff --git a/demo-targets/dummy-ssh/container/Dockerfile b/demo-targets/dummy-ssh/container/Dockerfile index d90162784..9539d5f0b 100644 --- a/demo-targets/dummy-ssh/container/Dockerfile +++ b/demo-targets/dummy-ssh/container/Dockerfile @@ -1,4 +1,4 @@ -# From https://docs.docker.com/engine/examples/running_ssh_service/ +# From https://gdevillele.github.io/engine/examples/running_ssh_service/ # This file is authored by Docker Inc. and is not covered by the Apache2 Licence by the secureCodeBox project. FROM ubuntu:16.04 diff --git a/demo-targets/old-joomla/.helmignore b/demo-targets/old-joomla/.helmignore index 0e8a0eb36..8094c351c 100644 --- a/demo-targets/old-joomla/.helmignore +++ b/demo-targets/old-joomla/.helmignore @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/demo-targets/old-joomla/templates/NOTES.txt b/demo-targets/old-joomla/templates/NOTES.txt index bd7d7b433..325756ff8 100644 --- a/demo-targets/old-joomla/templates/NOTES.txt +++ b/demo-targets/old-joomla/templates/NOTES.txt @@ -1,3 +1,8 @@ +{{- /* +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 +*/}} 1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} diff --git a/demo-targets/old-joomla/templates/service.yaml b/demo-targets/old-joomla/templates/service.yaml index 5a6d7e731..f13cb18af 100644 --- a/demo-targets/old-joomla/templates/service.yaml +++ b/demo-targets/old-joomla/templates/service.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v1 kind: Service metadata: 
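Review bot: The provenance comment in `demo-targets/dummy-ssh/container/Dockerfile` now cites a personal GitHub Pages copy (`gdevillele.github.io`) instead of the publisher's site, while the next line relies on that provenance to state that the file is authored by Docker Inc. and is not under the project's Apache-2.0 licence. If the original page is no longer reachable, the comment should say so and keep both references, e.g. `# Originally from https://docs.docker.com/engine/examples/running_ssh_service/ (mirror: https://gdevillele.github.io/engine/examples/running_ssh_service/)`. The file also gets no SPDX tags in this hunk; it may be covered elsewhere (for instance in `.reuse/dep5`), which is not visible here.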
diff --git a/demo-targets/old-joomla/templates/tests/test-connection.yaml b/demo-targets/old-joomla/templates/tests/test-connection.yaml index b8adcddf5..bdc1fccba 100644 --- a/demo-targets/old-joomla/templates/tests/test-connection.yaml +++ b/demo-targets/old-joomla/templates/tests/test-connection.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 apiVersion: v1 kind: Pod metadata: diff --git a/demo-targets/old-typo3/.helmignore b/demo-targets/old-typo3/.helmignore index 0e8a0eb36..8094c351c 100644 --- a/demo-targets/old-typo3/.helmignore +++ b/demo-targets/old-typo3/.helmignore @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php index 1e287e0a6..0ca31c06f 100644 --- a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php +++ b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php @@ -1,4 +1,9 @@ [ 'debug' => false, diff --git a/demo-targets/old-typo3/container/typo3conf/PackageStates.php b/demo-targets/old-typo3/container/typo3conf/PackageStates.php index b7174d9a0..87e8d70e8 100644 --- a/demo-targets/old-typo3/container/typo3conf/PackageStates.php +++ b/demo-targets/old-typo3/container/typo3conf/PackageStates.php @@ -1,4 +1,9 @@ secureCodeBox Demo diff --git a/demo-targets/unsafe-https/container/nginx.conf b/demo-targets/unsafe-https/container/nginx.conf index 1b58da5d5..b9caa5ff5 100644 --- a/demo-targets/unsafe-https/container/nginx.conf +++ b/demo-targets/unsafe-https/container/nginx.conf 
@@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + events { worker_connections 4096; ## Default: 1024 } diff --git a/demo-targets/unsafe-https/container/site.crt.license b/demo-targets/unsafe-https/container/site.crt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/demo-targets/unsafe-https/container/site.crt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/demo-targets/unsafe-https/container/site.key.license b/demo-targets/unsafe-https/container/site.key.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/demo-targets/unsafe-https/container/site.key.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/documentation/blog/2022-01-18-log4shell.md b/documentation/blog/2022-01-18-log4shell.md index ec53eabc8..f46bd9db0 100644 --- a/documentation/blog/2022-01-18-log4shell.md +++ b/documentation/blog/2022-01-18-log4shell.md @@ -1,5 +1,5 @@ --- -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/documentation/tsconfig.json b/documentation/tsconfig.json index 05dddd5f1..ae374e744 100644 --- a/documentation/tsconfig.json +++ b/documentation/tsconfig.json @@ -1,4 +1,4 @@ { "extends": "@tsconfig/docusaurus/tsconfig.json", "include": ["src/"] - } \ No newline at end of file +} \ No newline at end of file diff --git a/documentation/tsconfig.json.license b/documentation/tsconfig.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/documentation/tsconfig.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/hook-sdk/nodejs/Makefile b/hook-sdk/nodejs/Makefile index 76456e857..b8f588dca 100644 --- a/hook-sdk/nodejs/Makefile +++ b/hook-sdk/nodejs/Makefile @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + sdk = hook-sdk include_guard = set include ../../sdk.mk diff --git a/hooks/cascading-scans/hook/scope-limiter.ts b/hooks/cascading-scans/hook/scope-limiter.ts index d9c3fbe48..db7bceb52 100644 --- a/hooks/cascading-scans/hook/scope-limiter.ts +++ b/hooks/cascading-scans/hook/scope-limiter.ts @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + import {Finding, ScopeLimiter, ScopeLimiterAliases} from "./scan-helpers"; import {V1ObjectMeta} from "@kubernetes/client-node/dist/gen/model/v1ObjectMeta"; import * as Mustache from "mustache"; diff --git a/hooks/notification/hook/__testfiles__/trello.json.license b/hooks/notification/hook/__testfiles__/trello.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/hooks/notification/hook/__testfiles__/trello.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/hooks/notification/hook/notification-templates/msteams-messageCard.njk b/hooks/notification/hook/notification-templates/msteams-messageCard.njk index 539b1ca34..251c703d3 100644 --- a/hooks/notification/hook/notification-templates/msteams-messageCard.njk +++ b/hooks/notification/hook/notification-templates/msteams-messageCard.njk @@ -1,3 +1,8 @@ +{# +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 +#} type: message attachments: - contentType: application/vnd.microsoft.card.adaptive diff --git a/hooks/notification/hook/notification-templates/rocket-chat.njk b/hooks/notification/hook/notification-templates/rocket-chat.njk index 12e72378c..8b6ecfb21 100644 
--- a/hooks/notification/hook/notification-templates/rocket-chat.njk +++ b/hooks/notification/hook/notification-templates/rocket-chat.njk @@ -1,3 +1,8 @@ +{# +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 +#} channel: "{{ scan.metadata.annotations["notification.securecodebox.io/rocket-chat-channel"] | default(args["ROCKET_CHAT_DEFAULT_CHANNEL"], true) | safe}}" text: "New Scan Results for {{ scan.metadata.name }}" attachments: diff --git a/hooks/persistence-azure-monitor/.helm-docs.gotmpl b/hooks/persistence-azure-monitor/.helm-docs.gotmpl index c6d6e8d44..86d1378de 100644 --- a/hooks/persistence-azure-monitor/.helm-docs.gotmpl +++ b/hooks/persistence-azure-monitor/.helm-docs.gotmpl @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */ -}} diff --git a/hooks/persistence-azure-monitor/.helmignore b/hooks/persistence-azure-monitor/.helmignore index a166d1464..ba05e3013 100644 --- a/hooks/persistence-azure-monitor/.helmignore +++ b/hooks/persistence-azure-monitor/.helmignore @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 # Patterns to ignore when building packages. diff --git a/hooks/persistence-azure-monitor/Chart.yaml b/hooks/persistence-azure-monitor/Chart.yaml index 57fc13c31..c37e557db 100644 --- a/hooks/persistence-azure-monitor/Chart.yaml +++ b/hooks/persistence-azure-monitor/Chart.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/Makefile b/hooks/persistence-azure-monitor/Makefile index 75795cea8..e825bc975 100644 --- a/hooks/persistence-azure-monitor/Makefile +++ b/hooks/persistence-azure-monitor/Makefile 
@@ -1,6 +1,6 @@ #!/usr/bin/make -f # -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 # diff --git a/hooks/persistence-azure-monitor/hook/Dockerfile b/hooks/persistence-azure-monitor/hook/Dockerfile index c01a4eb6b..c93629e54 100644 --- a/hooks/persistence-azure-monitor/hook/Dockerfile +++ b/hooks/persistence-azure-monitor/hook/Dockerfile @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + ARG baseImageTag ARG namespace FROM node:18-alpine as build diff --git a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/hooks/persistence-azure-monitor/hook/hook.js b/hooks/persistence-azure-monitor/hook/hook.js index 2efae2c21..f303201f6 100644 --- a/hooks/persistence-azure-monitor/hook/hook.js +++ b/hooks/persistence-azure-monitor/hook/hook.js @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2022 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/hook/hook.test.js b/hooks/persistence-azure-monitor/hook/hook.test.js index 9eb794fb9..04e500ea5 100644 --- a/hooks/persistence-azure-monitor/hook/hook.test.js +++ b/hooks/persistence-azure-monitor/hook/hook.test.js @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2022 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 
diff --git a/hooks/persistence-azure-monitor/hook/package-lock.json.license b/hooks/persistence-azure-monitor/hook/package-lock.json.license index d69bd78ce..c95bc3718 100644 --- a/hooks/persistence-azure-monitor/hook/package-lock.json.license +++ b/hooks/persistence-azure-monitor/hook/package-lock.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2022 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/hook/package.json.license b/hooks/persistence-azure-monitor/hook/package.json.license index d69bd78ce..c95bc3718 100644 --- a/hooks/persistence-azure-monitor/hook/package.json.license +++ b/hooks/persistence-azure-monitor/hook/package.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2022 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/templates/NOTES.txt b/hooks/persistence-azure-monitor/templates/NOTES.txt index 1e695f413..9ba8f4ff1 100644 --- a/hooks/persistence-azure-monitor/templates/NOTES.txt +++ b/hooks/persistence-azure-monitor/templates/NOTES.txt @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */}} diff --git a/hooks/persistence-azure-monitor/templates/_helpers.tpl b/hooks/persistence-azure-monitor/templates/_helpers.tpl index e910e1b3a..dc3334222 100644 --- a/hooks/persistence-azure-monitor/templates/_helpers.tpl +++ b/hooks/persistence-azure-monitor/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */ -}} diff --git a/hooks/persistence-azure-monitor/templates/persistence-provider.yaml b/hooks/persistence-azure-monitor/templates/persistence-provider.yaml index d68793d07..ebb514505 100644 
--- a/hooks/persistence-azure-monitor/templates/persistence-provider.yaml +++ b/hooks/persistence-azure-monitor/templates/persistence-provider.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/values.yaml b/hooks/persistence-azure-monitor/values.yaml index 4d51868e6..768b3fc42 100644 --- a/hooks/persistence-azure-monitor/values.yaml +++ b/hooks/persistence-azure-monitor/values.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-defectdojo/hook/.sdkmanrc b/hooks/persistence-defectdojo/hook/.sdkmanrc index 0262a2610..b29149a2d 100644 --- a/hooks/persistence-defectdojo/hook/.sdkmanrc +++ b/hooks/persistence-defectdojo/hook/.sdkmanrc @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Enable auto-env through the sdkman_auto_env config # Add key=value pairs of SDKs to use below java=11.0.11.hs-adpt diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java index 6a3405ecf..1c63342b3 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.mapping; import com.fasterxml.jackson.core.JsonProcessingException; 
diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java index 5fe9c21ee..ac618bfe8 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.models; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java index 02bc94954..4ae56b7b1 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import com.fasterxml.jackson.databind.DeserializationFeature; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java index 15ff4a26b..8853b8c65 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java 
+++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import io.securecodebox.persistence.config.PersistenceProviderConfig; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java index eec4b8587..40ff89a56 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import io.securecodebox.persistence.config.PersistenceProviderConfig; diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java index 51b24d9a8..82638b61f 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java 
@@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.mapping; import com.fasterxml.jackson.core.JsonProcessingException; diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java index 305396f8f..5a1a23e51 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service; import com.fasterxml.jackson.databind.ObjectMapper; diff --git a/scanners/wpscan/parser/__testFiles__/no-version-detected.license b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license similarity index 100% rename from scanners/wpscan/parser/__testFiles__/no-version-detected.license rename to hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license new file mode 100644 index 000000000..c95bc3718 --- /dev/null +++ b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license b/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license new file mode 100644 index 000000000..c95bc3718 --- /dev/null 
+++ b/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license b/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license b/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/operator/.vscode/launch.json.license b/operator/.vscode/launch.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/operator/.vscode/launch.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/operator/.vscode/tasks.json.license b/operator/.vscode/tasks.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/operator/.vscode/tasks.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/operator/charts/minio-11.9.4.tgz.license b/operator/charts/minio-11.9.4.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/operator/charts/minio-11.9.4.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
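Review bot: The sidecars added for `elasticsearch-7.17.3.tgz`, `kibana-7.17.3.tgz` and `operator/charts/minio-11.9.4.tgz` attribute the archives to "the secureCodeBox authors", but judging by their names these look like packaged upstream Helm charts rather than files written by this project. REUSE sidecars feed SBOM and licence-compliance tooling, so a wrong holder misstates the provenance of vendored third-party code. I would name the upstream holder instead, e.g. `SPDX-FileCopyrightText: <upstream chart copyright holder>`, and confirm the `SPDX-License-Identifier` value against the licence file inside each archive before asserting Apache-2.0.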
diff --git a/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml b/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml index 8f08c10c5..801ff99a5 100644 --- a/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml +++ b/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml index c5cb71899..3fce98f03 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml index 57f15df05..0d04b415c 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml index 36f7687bd..3aa8ce3ca 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml 
+++ b/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml index 5463c1e16..498e60165 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml b/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml index 10dc5ae36..24c866ed2 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_scans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scans.yaml index 77b6ab51f..e86992766 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_scans.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_scans.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml b/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml index a5a295aca..4672dc3be 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml index bc12fbce8..8b923734d 100644 --- a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml +++ b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index fecc10e53..c434d1f42 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml b/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml index c5cb71899..3fce98f03 100644 --- a/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml +++ b/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
diff --git a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml index 5463c1e16..498e60165 100644 --- a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml +++ b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/operator/utils/retrigger_scheduled_scan.go b/operator/utils/retrigger_scheduled_scan.go index 069934f5e..d2e89d0bd 100644 --- a/operator/utils/retrigger_scheduled_scan.go +++ b/operator/utils/retrigger_scheduled_scan.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package utils import ( diff --git a/operator/utils/url_expiration_duration.go b/operator/utils/url_expiration_duration.go index ddb963a1c..57b2ad45b 100644 --- a/operator/utils/url_expiration_duration.go +++ b/operator/utils/url_expiration_duration.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package utils import ( diff --git a/parser-sdk/nodejs/Makefile b/parser-sdk/nodejs/Makefile index 9167d0b54..8a0ad2317 100644 --- a/parser-sdk/nodejs/Makefile +++ b/parser-sdk/nodejs/Makefile @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + sdk = parser-sdk include_guard = set include ../../sdk.mk diff --git a/parser-sdk/nodejs/README.md b/parser-sdk/nodejs/README.md index a965f00e4..fdb717390 100644 --- a/parser-sdk/nodejs/README.md +++ b/parser-sdk/nodejs/README.md 
@@ -1,3 +1,9 @@ + + # Parser SDK The Parser SDK provides Parser functionalities that are used by all Scanners like starting the corresponding Parser, enriching the Scan Status in Kubernetes with Parser Results and adding additional attributes to the "Findings.json". diff --git a/parser-sdk/nodejs/findings-schema.json.license b/parser-sdk/nodejs/findings-schema.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/parser-sdk/nodejs/findings-schema.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/parser-sdk/nodejs/parser-utils.js b/parser-sdk/nodejs/parser-utils.js index 43fb157d3..68486cccf 100644 --- a/parser-sdk/nodejs/parser-utils.js +++ b/parser-sdk/nodejs/parser-utils.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + const fs = require("fs"); const Ajv = require("ajv-draft-04"); const ajv = new Ajv(); diff --git a/release.md b/release.md index 8b7993d3b..ae390bb30 100644 --- a/release.md +++ b/release.md @@ -1,3 +1,9 @@ + + # A list of steps to ensure after a new secureCodeBox release - Ensure and update all charts with a new release chart version x.x.x-alpha1 diff --git a/scanners/amass/parser/package-lock.json.license b/scanners/amass/parser/package-lock.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/amass/parser/package-lock.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/amass/parser/package.json.license b/scanners/amass/parser/package.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/amass/parser/package.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/cmseek/.gitignore b/scanners/cmseek/.gitignore index d874ad67c..a5be59dc8 100644 --- a/scanners/cmseek/.gitignore +++ b/scanners/cmseek/.gitignore @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + *.tar diff --git a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license b/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license b/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/parser/__testFiles__/not_joomla.json.license b/scanners/cmseek/parser/__testFiles__/not_joomla.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/not_joomla.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/doggo/examples/example.com/findings.yaml b/scanners/doggo/examples/example.com/findings.yaml index bb3889baa..b76bd0ad5 100644 --- a/scanners/doggo/examples/example.com/findings.yaml +++ b/scanners/doggo/examples/example.com/findings.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 [ { "name": "DNS Zone: example.com. | Type: A", diff --git a/scanners/doggo/integration-tests/jest.config.json.license b/scanners/doggo/integration-tests/jest.config.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/integration-tests/jest.config.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license b/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__testFiles__/empty.json.license b/scanners/doggo/parser/__testFiles__/empty.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__testFiles__/empty.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__testFiles__/example.com.json.license b/scanners/doggo/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__testFiles__/example.com.json.license 
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/scanner/wrapper.sh b/scanners/doggo/scanner/wrapper.sh index 654d5128e..5604877fd 100644 --- a/scanners/doggo/scanner/wrapper.sh +++ b/scanners/doggo/scanner/wrapper.sh @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 set -e diff --git a/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license b/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license b/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license b/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license b/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/integration-tests/jest.config.json.license b/scanners/ffuf/integration-tests/jest.config.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/integration-tests/jest.config.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/empty.json.license b/scanners/ffuf/parser/__testFiles__/empty.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/empty.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license b/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/gitleaks/examples/provide-own-rules/scan.yaml b/scanners/gitleaks/examples/provide-own-rules/scan.yaml index 857a0ce92..7fd0f95e1 100644 --- a/scanners/gitleaks/examples/provide-own-rules/scan.yaml +++ b/scanners/gitleaks/examples/provide-own-rules/scan.yaml @@ -23,7 +23,7 @@ spec: - name: "gitleaks-config" mountPath: "/config/" -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/gitleaks/examples/secureCodeBox/scan.yaml b/scanners/gitleaks/examples/secureCodeBox/scan.yaml index f95ab6817..710945977 100644 --- a/scanners/gitleaks/examples/secureCodeBox/scan.yaml +++ b/scanners/gitleaks/examples/secureCodeBox/scan.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 
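Review bot: In `scanners/gitleaks/examples/provide-own-rules/scan.yaml` the SPDX header edited by hunk `@@ -23,7 +23,7 @@` sits at line 26, after the `mountPath: "/config/"` entry, while `scanners/gitleaks/examples/secureCodeBox/scan.yaml` (hunk `@@ -1,4 +1,4 @@`) carries it on line 1. Since this commit is normalising the headers anyway, I would move the three comment lines `# SPDX-FileCopyrightText: the secureCodeBox authors`, `#`, `# SPDX-License-Identifier: Apache-2.0` to the top of the file so both examples read the same way. Lines 1-22 of the file are outside the hunk, so whether a header already exists there cannot be confirmed from here.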
diff --git a/scanners/kubeaudit/examples/juice-shop/findings.json.license b/scanners/kubeaudit/examples/juice-shop/findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/kubeaudit/examples/juice-shop/findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license b/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license index c59b85a5b..c95bc3718 100644 --- a/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license +++ b/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/nmap/examples/basic-example/nmap-results.xml b/scanners/nmap/examples/basic-example/nmap-results.xml index 7e7bbf1d3..b2a9acd2d 100644 --- a/scanners/nmap/examples/basic-example/nmap-results.xml +++ b/scanners/nmap/examples/basic-example/nmap-results.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nmap/parser/__testFiles__/local-network-verbose.xml b/scanners/nmap/parser/__testFiles__/local-network-verbose.xml index 8a8a09f23..267fd2cce 100644 --- a/scanners/nmap/parser/__testFiles__/local-network-verbose.xml +++ b/scanners/nmap/parser/__testFiles__/local-network-verbose.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml b/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml index 2bdb22df8..4170c26ab 100644 --- a/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml +++ b/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nuclei/.gitignore b/scanners/nuclei/.gitignore index d874ad67c..a5be59dc8 100644 --- a/scanners/nuclei/.gitignore +++ b/scanners/nuclei/.gitignore 
@@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + *.tar diff --git a/scanners/nuclei/examples/bodgeit/findings.yaml b/scanners/nuclei/examples/bodgeit/findings.yaml index 126b22096..b3dd319d1 100644 --- a/scanners/nuclei/examples/bodgeit/findings.yaml +++ b/scanners/nuclei/examples/bodgeit/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "Tomcat exposed docs", diff --git a/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license b/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/examples/example.com/findings.yaml b/scanners/nuclei/examples/example.com/findings.yaml index 3127db57d..2832b97ee 100644 --- a/scanners/nuclei/examples/example.com/findings.yaml +++ b/scanners/nuclei/examples/example.com/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "HTTP Missing Security Headers", diff --git a/scanners/nuclei/examples/example.com/raw-results.jsonl.license b/scanners/nuclei/examples/example.com/raw-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/example.com/raw-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/examples/secureCodeBox.io/findings.yaml b/scanners/nuclei/examples/secureCodeBox.io/findings.yaml index 22a51c911..24cb3c8da 100644 --- a/scanners/nuclei/examples/secureCodeBox.io/findings.yaml 
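Review bot: The header added to `scanners/nuclei/examples/bodgeit/findings.yaml` is a `#` comment placed in front of a body that is a JSON array (`[ { "name": "Tomcat exposed docs",`), so the file still loads as YAML but no longer as strict JSON. If any docs tooling or test reads these example findings with a JSON parser (not visible in this diff), it would fail on the first line. The same applies to the other `findings.yaml` hunks in this commit: nuclei `example.com` and `secureCodeBox.io`, semgrep `vulnerable-flask-app`, ssh-audit `dummy-ssh` and `port-example`, and whatweb `example.com`. A sidecar `findings.yaml.license` holding the two SPDX lines, as the commit already does with `nuclei-results.jsonl.license`, would license the file without touching its content.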
+++ b/scanners/nuclei/examples/secureCodeBox.io/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "DOM EventListener detection", diff --git a/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license b/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license b/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index 1e62d0310..d05ebac98 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v2 name: semgrep description: A Helm chart for the semgrep semantic code analyzer that integrates with the secureCodeBox diff --git a/scanners/semgrep/Makefile b/scanners/semgrep/Makefile index e0641e4bd..3ddf7a279 100644 --- a/scanners/semgrep/Makefile +++ b/scanners/semgrep/Makefile @@ -1,5 +1,9 @@ #!/usr/bin/make -f +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + include_guard = set # Always include this line (checked in the makefile framework) scanner = semgrep 
diff --git a/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml b/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml index dad6f575d..27b624ac6 100644 --- a/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml +++ b/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "javascript.lang.correctness.useless-eqeq.eqeq-is-bad", diff --git a/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml b/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml index 5bf9941e3..78649e985 100644 --- a/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml +++ b/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: "execution.securecodebox.io/v1" kind: Scan metadata: diff --git a/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license b/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/integration-tests/testfile.py b/scanners/semgrep/integration-tests/testfile.py index 47f66fe0a..f3eb7d7af 100644 --- a/scanners/semgrep/integration-tests/testfile.py +++ b/scanners/semgrep/integration-tests/testfile.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Source: Example code for the semgrep rule "python.django.security.injection.command.command-injection-os-system.command-injection-os-system" import os 
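Review bot: The four lines inserted at the top of `scanners/semgrep/integration-tests/testfile.py` move every following statement down by four, and this file is a scan fixture for the `command-injection-os-system` rule named in its `# Source:` comment. If the integration test or any stored expected findings assert line numbers for the match (not visible in this hunk), they will no longer agree with the fixture. Either re-check those expectations, or leave the fixture untouched and add a `testfile.py.license` sidecar containing `SPDX-FileCopyrightText: the secureCodeBox authors` and `SPDX-License-Identifier: Apache-2.0`, as the commit does for the JSON fixtures. The rest of the file is outside the hunk.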
diff --git a/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license b/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license b/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/__testFiles__/python-injection.json.license b/scanners/semgrep/parser/__testFiles__/python-injection.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/python-injection.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/parser.test.js b/scanners/semgrep/parser/parser.test.js index 031fc5659..a1923415e 100644 --- a/scanners/semgrep/parser/parser.test.js +++ b/scanners/semgrep/parser/parser.test.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + const fs = require("fs"); const util = require("util"); const { diff --git a/scanners/ssh-audit/examples/dummy-ssh/findings.yaml b/scanners/ssh-audit/examples/dummy-ssh/findings.yaml index 152de1515..381004518 100644 --- a/scanners/ssh-audit/examples/dummy-ssh/findings.yaml +++ b/scanners/ssh-audit/examples/dummy-ssh/findings.yaml 
@@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "SSH Service", diff --git a/scanners/ssh-audit/examples/dummy-ssh/scan.yaml b/scanners/ssh-audit/examples/dummy-ssh/scan.yaml index 9017da80b..14c3cc14c 100644 --- a/scanners/ssh-audit/examples/dummy-ssh/scan.yaml +++ b/scanners/ssh-audit/examples/dummy-ssh/scan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: "execution.securecodebox.io/v1" kind: Scan metadata: diff --git a/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license b/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-audit/examples/port-example/findings.yaml b/scanners/ssh-audit/examples/port-example/findings.yaml index 02197f3df..004cbbb0d 100644 --- a/scanners/ssh-audit/examples/port-example/findings.yaml +++ b/scanners/ssh-audit/examples/port-example/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "SSH Service", diff --git a/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license b/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license b/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ssh-audit/parser/__testFiles__/example.json.license b/scanners/ssh-audit/parser/__testFiles__/example.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-audit/parser/__testFiles__/example.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ssh-audit/parser/__testFiles__/portExample.json.license b/scanners/ssh-audit/parser/__testFiles__/portExample.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-audit/parser/__testFiles__/portExample.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license b/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ssh-scan/examples/demo-app-ssh/README.md b/scanners/ssh-scan/examples/demo-app-ssh/README.md
index 86777685f..94681e22b 100644
--- a/scanners/ssh-scan/examples/demo-app-ssh/README.md
+++ b/scanners/ssh-scan/examples/demo-app-ssh/README.md
@@ -1,5 +1,6 @@
diff --git a/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license b/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ssh-scan/examples/localhost/findings.json.license b/scanners/ssh-scan/examples/localhost/findings.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-scan/examples/localhost/findings.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license b/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license b/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/sslyze/scanner/Dockerfile b/scanners/sslyze/scanner/Dockerfile
index 4a55c7e3c..9678ee14f 100644
--- a/scanners/sslyze/scanner/Dockerfile
+++ b/scanners/sslyze/scanner/Dockerfile
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/sslyze/scanner/wrapper.sh b/scanners/sslyze/scanner/wrapper.sh index 90f40bebb..5c6800787 100644 --- a/scanners/sslyze/scanner/wrapper.sh +++ b/scanners/sslyze/scanner/wrapper.sh @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license b/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/typo3scan/parser/__testFiles__/localhost.json.license b/scanners/typo3scan/parser/__testFiles__/localhost.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__testFiles__/localhost.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license b/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/whatweb/examples/example.com/findings.yaml b/scanners/whatweb/examples/example.com/findings.yaml index 48dcf1667..12d2db2db 100644 --- a/scanners/whatweb/examples/example.com/findings.yaml +++ b/scanners/whatweb/examples/example.com/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "http://old-typo3.default.svc/", diff --git a/scanners/whatweb/parser/__testFiles__/example.com.json.license b/scanners/whatweb/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/whatweb/parser/__testFiles__/example.com.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/whatweb/parser/__testFiles__/no-address.com.json.license b/scanners/whatweb/parser/__testFiles__/no-address.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/whatweb/parser/__testFiles__/no-address.com.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license b/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license 
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/whatweb/parser/__testFiles__/two-domains.json.license b/scanners/whatweb/parser/__testFiles__/two-domains.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/whatweb/parser/__testFiles__/two-domains.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/wpscan/examples/old-wordpress/findings.json.license b/scanners/wpscan/examples/old-wordpress/findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/wpscan/examples/old-wordpress/findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/wpscan/parser/__testFiles__/no-version-detected.json.license b/scanners/wpscan/parser/__testFiles__/no-version-detected.json.license new file mode 100644 index 000000000..c95bc3718 --- /dev/null +++ b/scanners/wpscan/parser/__testFiles__/no-version-detected.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/wpscan/scanner/Dockerfile b/scanners/wpscan/scanner/Dockerfile index 5b17ce664..9ff919e27 100644 --- a/scanners/wpscan/scanner/Dockerfile +++ b/scanners/wpscan/scanner/Dockerfile @@ -1,5 +1,5 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/wpscan/scanner/wrapper.sh b/scanners/wpscan/scanner/wrapper.sh index 801c408fe..cb831f8dd 100644 --- a/scanners/wpscan/scanner/wrapper.sh +++ b/scanners/wpscan/scanner/wrapper.sh 
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/zap-advanced/scanner/README.md b/scanners/zap-advanced/scanner/README.md index 05bbf5e4a..db569899a 100644 --- a/scanners/zap-advanced/scanner/README.md +++ b/scanners/zap-advanced/scanner/README.md @@ -1,3 +1,9 @@ + + # ZAP Scanner This directory contains a secureCodeBox specific python implementation of an ZAP Client. diff --git a/scanners/zap-advanced/scanner/scripts/README.md b/scanners/zap-advanced/scanner/scripts/README.md index 0d2105c95..32f9cc7e0 100644 --- a/scanners/zap-advanced/scanner/scripts/README.md +++ b/scanners/zap-advanced/scanner/scripts/README.md @@ -1,3 +1,9 @@ + + # ZAP Scripts This folder contains ZAP scripts. The scripts must be in subdirectories named after the diff --git a/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js b/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js index 22f2ab5ef..a63763a50 100644 --- a/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js +++ b/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + /* * Session Management script for OWASP Juice Shop: https://raw.githubusercontent.com/zaproxy/community-scripts/master/session/Juice%20Shop%20Session%20Management.js * diff --git a/scanners/zap/parser/__testFiles__/bodgeit.xml b/scanners/zap/parser/__testFiles__/bodgeit.xml index 9b63a3a90..3c340cfff 100644 --- a/scanners/zap/parser/__testFiles__/bodgeit.xml +++ b/scanners/zap/parser/__testFiles__/bodgeit.xml @@ -1,3 +1,9 @@ + +