License scanner plugin
Bytesafe analyzes packages for license information and displays identified licenses for your registries.
The License Scanner plugin builds on that: it scans all packages in a registry and flags potential license issues. License issues include unlicensed packages, custom licenses, and unknown license information.
Packages in a registry will be scanned for license issues when:
- The plugin is enabled (all package versions).
- A new package version is added.
When a license issue is found by the scanner, a LICENSE badge will be added to the package:
Example of license issues detected by the License scanner.
Unlicensed is a valid standardized license for packages that do not wish to grant others the right to use a package. Packages without a license are also a license issue that may require manual action from users.
License issue origin
The description and cause of a license issue can be viewed by hovering over the specific license issue badge.
License issues overview
An overview of the most common open source licenses available in a registry, as well as identified license issues, is displayed on registry and workspace dashboards.
To filter and track packages that contain identified license issues, click the links on the License issues card.
To further filter issues according to severity, click the number associated with each severity (High, Moderate, Low).
For users who have enabled the Slack integration (available from Settings - Integrations), a notification will be sent to Slack whenever license issues are found in a registry.
Unlicensed source code
Unlicensed packages are a potential license compliance issue. License scanner identifies packages that are unlicensed. Filter for packages containing license issues to identify unlicensed package versions.
Non-standard open source licenses are a potential license compliance issue. License scanner identifies custom licenses that require manual action from the user.
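A local check for the same classes of issue described above (unlicensed, custom, unknown), run against the npm `license` field before packages are published to a registry. This is an added example, not Bytesafe's implementation: `classifyLicense`, `scanRegistry`, the `KNOWN_SPDX` subset and the sample packages are constructed, and treating a missing field as "unlicensed" is an assumption.

```javascript
// Added example: classify the "license" field of package.json metadata.
// KNOWN_SPDX is a small constructed subset of SPDX identifiers, for illustration only.
const KNOWN_SPDX = new Set(["MIT", "ISC", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-only"]);

function classifyLicense(pkg) {
  const raw = pkg.license;
  // Missing or empty field: no rights are granted (assumption: report as unlicensed).
  if (raw === undefined || raw === null || raw === "") {
    return { issue: "unlicensed", reason: "no license field" };
  }
  // Deprecated object/array forms cannot be matched reliably: flag for manual review.
  if (typeof raw !== "string") {
    return { issue: "unknown", reason: "license field is not a string" };
  }
  const value = raw.trim();
  // npm convention for packages that grant no rights to others.
  if (value.toUpperCase() === "UNLICENSED") {
    return { issue: "unlicensed", reason: "declared UNLICENSED" };
  }
  // npm convention for a custom license shipped as a file in the package.
  if (/^SEE LICEN[CS]E IN /i.test(value)) {
    return { issue: "custom", reason: "custom license: " + value };
  }
  // Split simple SPDX expressions such as "(MIT OR Apache-2.0)" into identifiers.
  const ids = value.replace(/[()]/g, " ").split(/\s+(?:AND|OR)\s+/)
    .map((s) => s.trim()).filter(Boolean);
  const unknown = ids.filter((id) => !KNOWN_SPDX.has(id));
  if (unknown.length > 0) {
    return { issue: "unknown", reason: "unrecognized identifier: " + unknown.join(", ") };
  }
  return { issue: null, reason: "ok" };
}

// Return only the package versions that need attention.
function scanRegistry(packages) {
  return packages
    .map((p) => ({ name: p.name, version: p.version, ...classifyLicense(p) }))
    .filter((r) => r.issue !== null);
}

// Constructed sample metadata (not real packages).
const SAMPLE = [
  { name: "pad-util", version: "1.0.0", license: "MIT" },
  { name: "internal-tool", version: "2.1.0", license: "UNLICENSED" },
  { name: "vendor-sdk", version: "0.9.0", license: "SEE LICENSE IN LICENSE.txt" },
  { name: "old-lib", version: "0.1.0", license: { type: "MIT", url: "https://example.invalid/l" } },
  { name: "no-meta", version: "3.0.0" },
  { name: "dual", version: "1.2.0", license: "(MIT OR Apache-2.0)" },
  { name: "odd", version: "1.0.0", license: "Free to use" },
];
```

Calling `scanRegistry(SAMPLE)` returns the five entries that need review; `pad-util` and `dual` pass.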
Restrict licenses with policies
Prevent packages with non-compliant licenses from entering your registry with the License block policy.
License compliance - configure custom license policies for unwanted licenses and get notified when packages with non-compliant licenses are found.