License Compliance plugin
The plugin requires an active License Policy. The license policy defines what Licenses are allowed and disallowed, as well as how to handle unlicensed packages, custom licenses and unknown license information.
Packages in a registry will be scanned for license issues when:
- The plugin is enabled (all package versions).
- A new package version is added.
The plugin can also be configured to quarantine unwanted or risky packages.
Example of license issues detected by the License scanner.
License Compliance requires a License Policy. Select policy in the drop-down list to apply it to the registry.
Please refer to quarantine configuration for quarantine specific settings.
New issues are by default sent to all active users in the workspace. For more information see issue notifications.
If you have enabled the Slack integration, a notification will be sent to Slack whenever a new issue is opened.
Manage License Compliance for registries and the whole workspace. Configure custom license policies of unwanted licenses and get notified when packages with non-compliant licenses are found.
Unlicensed source code
Unlicensed packages are a potential license compliance issue. License scanner identifies packages that are unlicensed. Filter packages containing license issues to identify unlicensed package versions.
Non-standard open source licenses are a potential license compliance issue. License scanner identifies custom licenses that require manual action from the user.
Prevent copyleft licenses in registries
Avoid license compliance issues with proprietary software and copyleft licenses in open source dependencies. Create a license policy disallowing copyleft licenses in your registries.
Copyleft (or strong copyleft) licenses allow derivative work, but requires you to release such work under a compatible copyleft license (as open source).
Prevent non-compatible licenses in registries
Not all open source licenses are compatible with each other. Configure a license policy of non-compatible licenses and make sure they are not used as dependencies for your projects.