License Compliance plugin

Scan packages for license information and license issues

The License Compliance plugin is part of License Compliance in Bytesafe. The plugin scans all packages in a registry for license information and license issues.

The plugin requires an active License Policy. The license policy defines which licenses are allowed and disallowed, as well as how to handle unlicensed packages, custom licenses and unknown license information.

Packages in a registry will be scanned for license issues when:

  • The plugin is enabled (all existing package versions are scanned).
  • A new package version is added (only that version is scanned).

The plugin can also be configured to quarantine unwanted or risky packages.

[Screenshot: Package Card. Example of license issues detected by the License scanner.]

Settings

License Compliance requires a License Policy. Select a policy in the drop-down list to apply it to the registry.

Plugin settings

Please refer to quarantine configuration for quarantine specific settings.

Notifications

New issues are by default sent to all active users in the workspace. For more information see issue notifications.

If you have enabled the Slack integration, a notification will be sent to Slack whenever a new issue is opened.

Use cases

License compliance

Manage License Compliance for registries and the whole workspace. Configure custom license policies that disallow unwanted licenses and get notified when packages with non-compliant licenses are found.

Unlicensed source code

Unlicensed packages are a potential license compliance issue. The License scanner identifies packages that are unlicensed, that declare a license but are missing the license text, or that are missing license information altogether. Filter on missing license issues to identify unlicensed package versions.

Custom licenses

Non-standard open source licenses are a potential license compliance issue. The License scanner identifies custom licenses that require manual review by the user.

Prevent copyleft licenses in registries

Avoid license compliance issues with proprietary software and copyleft licenses in open source dependencies. Create a license policy disallowing copyleft licenses in your registries.

Copyleft (or strong copyleft) licenses allow derivative work, but require you to release such work under a compatible copyleft license (as open source).

Prevent non-compatible licenses in registries

Not all open source licenses are compatible with each other. Configure a license policy that disallows non-compatible licenses and make sure they are not used as dependencies in your projects.
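The example below is added here to illustrate, in code, the policy logic described under Settings (an allow/disallow list plus rules for unlicensed, custom and unknown licenses, with optional quarantine) and the copyleft use case above. It is not Bytesafe's implementation. The `Policy`, `Finding`, `classify` and `evaluate` names, the set of "known" SPDX identifiers, the copyleft list and the package records are all constructed for the example; the package records are shaped like npm metadata, with a hypothetical `has_license_text` flag standing in for whatever a real scanner learns by inspecting the tarball.

```python
"""Toy license-policy evaluator (added example, not Bytesafe's code).

Models a License Policy, checks package versions against it and decides which
findings should quarantine the version. All data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed: SPDX identifiers the evaluator recognises; anything else is "unknown".
KNOWN_SPDX = {"MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0",
              "GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-3.0-only"}

# Constructed: licenses treated as strong copyleft for the "prevent copyleft" use case.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Policy:
    allowed: set = field(default_factory=set)     # empty set = no allow-list
    disallowed: set = field(default_factory=set)
    on_unlicensed: str = "issue"   # "allow" | "issue" | "quarantine"
    on_custom: str = "issue"
    on_unknown: str = "issue"
    quarantine_disallowed: bool = True  # quarantine versions with disallowed licenses


@dataclass
class Finding:
    package: str
    version: str
    issue: str          # human-readable reason shown on the issue
    quarantine: bool    # whether the version should be quarantined


def classify(pkg: dict) -> tuple[str, Optional[str]]:
    """Return (category, license_id): ok, missing, no-text, custom or unknown."""
    lic = (pkg.get("license") or "").strip()
    if not lic:
        return "missing", None                       # no license information at all
    if lic.upper().startswith("SEE LICENSE IN"):     # npm convention for a custom license file
        return "custom", lic
    if lic not in KNOWN_SPDX:
        return "unknown", lic                        # identifier we cannot interpret
    if not pkg.get("has_license_text", False):
        return "no-text", lic                        # declared, but no license text shipped
    return "ok", lic


def _decision(action: str) -> tuple[bool, bool]:
    """Map a policy action to (raise_issue, quarantine)."""
    return {"allow": (False, False), "issue": (True, False), "quarantine": (True, True)}[action]


def evaluate(policy: Policy, pkg: dict) -> Optional[Finding]:
    """Evaluate one package version; None means compliant."""
    category, lic = classify(pkg)
    if category in ("missing", "no-text"):
        raise_issue, quarantine = _decision(policy.on_unlicensed)
        reason = ("no license information" if category == "missing"
                  else f"license {lic} declared but license text is missing")
    elif category == "custom":
        raise_issue, quarantine = _decision(policy.on_custom)
        reason = f"custom license ({lic}) needs manual review"
    elif category == "unknown":
        raise_issue, quarantine = _decision(policy.on_unknown)
        reason = f"unrecognised license identifier {lic!r}"
    elif lic in policy.disallowed:
        raise_issue, quarantine = True, policy.quarantine_disallowed
        reason = f"license {lic} is disallowed by policy"
    elif policy.allowed and lic not in policy.allowed:
        raise_issue, quarantine = True, policy.quarantine_disallowed
        reason = f"license {lic} is not on the allow-list"
    else:
        return None
    return Finding(pkg["name"], pkg["version"], reason, quarantine) if raise_issue else None


def scan_registry(policy: Policy, packages: list) -> list:
    """Full scan, as when the plugin is first enabled: every version is checked."""
    return [f for f in (evaluate(policy, p) for p in packages) if f is not None]


def on_new_version(policy: Policy, pkg: dict) -> Optional[Finding]:
    """Incremental scan, as when a single new version is added to the registry."""
    return evaluate(policy, pkg)


# Constructed policy for the copyleft use case: disallow and quarantine copyleft,
# quarantine unlicensed packages, open issues for custom and unknown licenses.
COPYLEFT_POLICY = Policy(disallowed=set(COPYLEFT), on_unlicensed="quarantine")

# Constructed package records (names and versions are made up).
SAMPLE_PACKAGES = [
    {"name": "tiny-util", "version": "1.0.0", "license": "MIT", "has_license_text": True},
    {"name": "gpl-tool", "version": "2.3.1", "license": "GPL-3.0-only", "has_license_text": True},
    {"name": "no-license", "version": "0.1.0", "license": "", "has_license_text": False},
    {"name": "custom-lic", "version": "4.0.0", "license": "SEE LICENSE IN LICENSE.txt", "has_license_text": True},
    {"name": "odd-id", "version": "1.2.3", "license": "My-Own-License", "has_license_text": True},
    {"name": "no-text", "version": "1.0.0", "license": "Apache-2.0", "has_license_text": False},
]

if __name__ == "__main__":
    for finding in scan_registry(COPYLEFT_POLICY, SAMPLE_PACKAGES):
        flag = "QUARANTINE" if finding.quarantine else "issue"
        print(f"{finding.package}@{finding.version}: {finding.issue} [{flag}]")
```

Running the script lists five findings: the GPL package and the two unlicensed cases are quarantined, while the custom and unknown licenses only open issues for manual review, which mirrors the distinction the policy settings draw between disallowed licenses and licenses that merely need a human decision.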