License scanner plugin
Beta feature
License scanner is a new Bytesafe feature. More fine-grained control is in progress and coming soon.
If you experience any issues or have any feedback, please report your findings to Bytesafe Support.
By default, Bytesafe analyzes packages for license information.
The License Scanner plugin builds on that: it scans all packages in a registry and flags potential license issues.
Packages in a registry will be scanned for license issues when:
- The plugin is enabled (all package versions).
- A new package version is added.
When the scanner finds a license issue, a LICENSE badge is added to the package.
If no license information is found for a package, its license information will be empty, and the license scanner will flag the package as unlicensed.
License issues overview
An overview of the most common open source licenses available in a registry, as well as identified license issues, is displayed on registry and workspace dashboards.
To filter and track packages that contain identified license issues, click the License issues card.
To further filter issues according to severity, click the number associated with each severity (High, Moderate, Low).
Notifications
For users who have enabled the Slack integration (available under Settings - Integrations), a notification will be sent to Slack whenever license issues are found in a registry.
Use cases
Unlicensed source code
Unlicensed packages are a potential license compliance issue. License scanner identifies packages that are unlicensed. Filter packages containing license issues to identify unlicensed package versions.
Non-standardized licenses
Non-standard open source licenses are a potential license compliance issue. License scanner identifies non-standardized licenses that require manual action from the user.
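A local pre-check for the two use cases above, as an added example that is not Bytesafe's own code or scanning logic: it classifies package manifests as unlicensed or non-standard before they reach a registry. It assumes npm-style `license`/`licenses` manifest fields and a small constructed subset of SPDX identifiers; `declared_license`, `classify` and `scan` are hypothetical names.

```python
import re

# Constructed subset of SPDX identifiers (assumption); load the full SPDX list in practice.
SPDX_IDS = {s.lower() for s in (
    "MIT", "ISC", "0BSD", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause",
    "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only")}

def declared_license(manifest):
    """Return the declared license string, or None when nothing is declared."""
    lic = manifest.get("license")
    if isinstance(lic, dict):                      # legacy object form {"type": "MIT"}
        lic = lic.get("type")
    if not lic and isinstance(manifest.get("licenses"), list):   # legacy array form
        types = [l.get("type") if isinstance(l, dict) else l for l in manifest["licenses"]]
        lic = " OR ".join(t for t in types if isinstance(t, str))
    return lic.strip() if isinstance(lic, str) and lic.strip() else None

def classify(manifest):
    """Return 'ok', 'unlicensed' or 'non-standard' for one package manifest."""
    lic = declared_license(manifest)
    if lic is None or lic.upper() == "UNLICENSED":   # npm marker for "no license granted"
        return "unlicensed"
    # Reduce an SPDX expression to its operands: drop parentheses and AND/OR operators.
    ids = [t for t in re.split(r"[()\s]+", lic) if t and t not in ("AND", "OR")]
    if ids and all(t.lower() in SPDX_IDS for t in ids):
        return "ok"
    return "non-standard"                            # needs manual review

def scan(manifests):
    """Map 'name@version' to the issue found, skipping packages that are ok."""
    issues = {}
    for m in manifests:
        status = classify(m)
        if status != "ok":
            issues[f"{m.get('name')}@{m.get('version')}"] = status
    return issues

# Constructed sample manifests, not real packages.
SAMPLE = [
    {"name": "alpha", "version": "1.0.0", "license": "MIT"},
    {"name": "beta", "version": "2.1.0"},
    {"name": "gamma", "version": "0.3.0", "license": "SEE LICENSE IN LICENSE.md"},
    {"name": "delta", "version": "4.0.0", "license": "(MIT OR Apache-2.0)"},
    {"name": "epsilon", "version": "1.2.3", "license": "UNLICENSED"},
    {"name": "zeta", "version": "0.0.1", "licenses": [{"type": "ISC"}]},
]

if __name__ == "__main__":
    for package, issue in scan(SAMPLE).items():
        print(f"{package}: {issue}")
```

Expressions that use `WITH` exceptions or identifiers outside the embedded subset are reported as non-standard, which errs on the side of manual review.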
License compliance
Coming soon:
- License compliance - configure custom license policies of unwanted licenses and get notified when packages with non-compliant licenses are found.
- Restrict licenses with policies - prevent packages with non-compliant licenses from entering your registry.