Package dependencies have license restrictions and obligations that must be complied with. Manage License Compliance for individual registries and the whole workspace with Bytesafe. Make sure packages you depend on are in compliance with your policies.
License compliance in Bytesafe:
License Policies - Govern the licenses to allow and disallow, and what licenses to block altogether for the License Compliance plugin.
License policies are rules that govern how specific licenses and use cases are handled by the license compliance plugin.
Users can create and customize policies according to their needs and apply them to registries.
Policies are applied to registries by selecting one in the License Compliance plugin settings.
Each license policy consists of license rules for any number of licenses. It also contains configuration for how to handle use cases such as missing or unknown licenses.
| Field | Description |
|---|---|
| Policy name | Name of the policy. Used in the License Compliance plugin and on License Dashboards. |
| License rules | List of licenses to allow or disallow. Each rule consists of a License, an associated Severity and a Description. The Description is used in license issues opened by that rule. |
| Non-matching licenses | Issue severity associated with any license that is not matched by the list of license rules. Can be used to allow or disallow all licenses not listed in the rules. |
| Unknown license | Severity associated with license issues opened for unknown licenses. Set to |
| Missing license | Severity associated with license issues opened for missing licenses. Set to |
| Description / Instruction | Text field describing the intent of the policy and what it governs, with instructions for other users in the workspace. |
There are generally two approaches to configuring policies. Either provide a list of rules for the licenses to allow, and prevent all other licenses by setting a severity for Non-matching licenses.
Or the inverse: provide a list of licenses to disallow and set Non-matching licenses to No risk, so that every license the disallow rules do not match is allowed.
License Policy Settings
License policies are configured and edited in the workspace settings, License policies tab.
Policies can be applied to any registry in a workspace.
To apply a policy for a specific registry, enable the License Compliance plugin and select the policy in the plugin settings.
Default & Template License Policies
Bytesafe provides a default policy and a selection of template policies. Policies provided by Bytesafe are marked with a
The default policy opens License issues for unlicensed. The policy is applied by default for new registries.
Template policies are used to demonstrate how license policies can be configured to allow and disallow combinations of licenses. Copies of a template can be saved and used as a basis for a custom policy.
Template policies should not be used for production use cases and cannot be edited directly.
Read and understand license conditions
Template licenses should not be considered legal advice.
Always read, understand and carefully consider software licenses to remain compliant.
Enhanced License Identification
With license compliance enabled, the License Compliance plugin scans for license information in your open source package dependencies.
Package license information is collected from LICENSE files available in the package root and from any license information stored in any other package file. This information supersedes any license metadata available in
The License Compliance plugin also opens issues for references to licenses in package.json metadata where no actual license can be found in the package files. This is a potential issue because metadata alone does not equal an actual software license.
A License dashboard is available for any registry with the License Compliance plugin enabled.
The dashboard provides an overview of all license compliance information for a registry, in accordance with the applied license policy.
The information includes:
- Detailed license composition - breakdown of licenses found in a registry, together with the number of associated packages and issues
- License risk distribution - distribution of license risk for a registry
- License issues - number of license issues opened by the applied policy for the registry
- Unique licenses - number of unique licenses identified in packages for a registry
- License policy - description of and link to the applied license policy
The issue description explains why the issue was opened, using the details from the applied license policy. In addition, a link to the license policy is available in the sidebar.
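To make the policy mechanics concrete, here is an added example (not Bytesafe's code) that models the two policy approaches described earlier (an allow list with a severity for Non-matching licenses, and a disallow list with Non-matching licenses set to No risk), the identification rule that license files supersede package.json metadata and that metadata-only references open an issue, and the dashboard counts listed above. The `metadata_only` severity field, the severity labels other than "No risk", the `Package` scan model and all package data are constructed assumptions for the illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# "No risk" is the value named in the text; the other severity labels are assumed.
NO_RISK = "No risk"


@dataclass
class LicenseRule:
    license: str      # license identifier, e.g. "MIT"
    severity: str     # severity of issues opened by this rule
    description: str  # text used in issues opened by this rule


@dataclass
class LicensePolicy:
    name: str
    rules: list            # list of LicenseRule
    non_matching: str      # severity for licenses no rule matches
    unknown: str           # severity when license text cannot be identified
    missing: str           # severity when no license is found at all
    metadata_only: str     # assumed field: severity when only package.json names a license


@dataclass
class Package:
    name: str
    # Constructed scan model: license file name -> identified license id,
    # or None when the file exists but its text could not be identified.
    license_files: dict
    metadata_license: Optional[str] = None  # package.json "license" field


@dataclass
class Finding:
    package: str
    license: Optional[str]
    severity: str
    reason: str


def effective_license(pkg: Package):
    """Return (license_id, source). License files supersede metadata; an
    unidentifiable file yields "UNKNOWN"; no information at all yields None."""
    if pkg.license_files:
        for fname, lic in pkg.license_files.items():
            if lic is not None:
                return lic, f"file:{fname}"
        return "UNKNOWN", "file"
    if pkg.metadata_license:
        return pkg.metadata_license, "metadata"
    return None, "none"


def evaluate(policy: LicensePolicy, pkg: Package) -> list:
    """Apply one policy to one package; returns every finding, No risk ones included."""
    lic, source = effective_license(pkg)
    if lic is None:
        return [Finding(pkg.name, None, policy.missing, "no license found in package files or metadata")]
    if lic == "UNKNOWN":
        return [Finding(pkg.name, lic, policy.unknown, "license text present but not identified")]
    findings = []
    if source == "metadata":  # reference in package.json only, no license file
        findings.append(Finding(pkg.name, lic, policy.metadata_only,
                                "license named only in package.json; no license file in package"))
    rule = next((r for r in policy.rules if r.license == lic), None)
    if rule is not None:
        findings.append(Finding(pkg.name, lic, rule.severity, rule.description))
    else:
        findings.append(Finding(pkg.name, lic, policy.non_matching, "license not matched by any rule"))
    return findings


def dashboard(policy: LicensePolicy, packages: list) -> dict:
    """Summarise a registry the way the dashboard fields above are described."""
    findings = [f for p in packages for f in evaluate(policy, p)]
    issues = [f for f in findings if f.severity != NO_RISK]
    licenses = [effective_license(p)[0] for p in packages]
    return {
        "policy": policy.name,
        "composition": dict(Counter(l or "(missing)" for l in licenses)),
        "risk_distribution": dict(Counter(f.severity for f in issues)),
        "issues": len(issues),
        "unique_licenses": len({l for l in licenses if l not in (None, "UNKNOWN")}),
    }


# Approach 1: allow list; anything not matched is blocked via Non-matching licenses.
ALLOW_LIST = LicensePolicy(
    name="allow-list",
    rules=[LicenseRule("MIT", NO_RISK, "MIT is approved"),
           LicenseRule("Apache-2.0", NO_RISK, "Apache-2.0 is approved")],
    non_matching="High", unknown="Medium", missing="High", metadata_only="Low")

# Approach 2: disallow list; everything else passes via Non-matching licenses = No risk.
DENY_LIST = LicensePolicy(
    name="deny-list",
    rules=[LicenseRule("GPL-3.0-only", "High", "Copyleft license not allowed in this registry")],
    non_matching=NO_RISK, unknown="Medium", missing="High", metadata_only="Low")

# Constructed sample registry contents covering each identification case.
SAMPLE_PACKAGES = [
    Package("tiny-util", {"LICENSE": "MIT"}, "MIT"),
    Package("copyleft-lib", {"LICENSE": "GPL-3.0-only"}, "GPL-3.0-only"),
    Package("meta-only", {}, "ISC"),              # package.json reference, no file
    Package("no-license", {}),                    # nothing at all
    Package("odd-text", {"LICENSE": None}, "BSD-3-Clause"),  # file present, unidentified
]

if __name__ == "__main__":
    for policy in (ALLOW_LIST, DENY_LIST):
        print(dashboard(policy, SAMPLE_PACKAGES))
```

With the allow list, the same five packages produce five issues (the metadata-only package opens two: one for the metadata reference and one because ISC matches no rule); with the disallow list they produce four, since ISC is then covered by the No risk value for Non-matching licenses.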