License scanner plugin

Scans packages for license information and finds potential license issues

Bytesafe supports scanning of packages for license information.

When enabled, the License Scanner plugin scans all packages in a registry and flags potential license issues.

Packages in a registry will be scanned for license issues when:

  • The plugin is enabled.
  • A new package is added to the registry.

When a license issue is found by the scanner, a red LICENSE badge will be added to the package.

An overview of all package licenses for a registry, together with warning and problem flags, is displayed on the registry page in the web console.

Identified licenses for a package are displayed as license badges. A package can have one or more license badges, because a package can carry multiple licenses.

In addition, if no license information is found for a package, the license information will be empty (an issue the license scanner will flag with a red LICENSE badge).

Notifications

For users that have enabled the Slack integration (available from the Account Settings), a notification will be sent to Slack whenever potential license issues are found in a registry.

Use cases

  • Unlicensed source code - identify packages that are unlicensed and potentially an issue
  • Non-standardized licenses - identify non-standardized licenses that require manual action
  • Coming soon: License compliance - configure custom license policies of unwanted licenses and get notified when packages with non-compliant licenses are found
  • Coming soon: Restrict licenses with policies - prevent packages with non-compliant licenses from entering your registry
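
A local pre-check that mirrors the first two use cases above (unlicensed packages and non-standardized licenses), as an added example that is not Bytesafe's code or its scanner logic. It assumes npm-style manifests with a `license` field or a legacy `licenses` array; the identifier allow-list and the sample manifests are constructed for illustration.

```javascript
// Added example, not Bytesafe code. Assumes npm-style package manifests.
// KNOWN_IDS is a small constructed subset of SPDX identifiers, not the full list.
const KNOWN_IDS = new Set([
  "MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "GPL-3.0-only", "MPL-2.0",
]);

// Collect raw license strings from "license" and the legacy "licenses" array.
function rawLicenses(manifest) {
  const out = [];
  const push = (v) => {
    if (typeof v === "string") out.push(v);
    else if (v && typeof v.type === "string") out.push(v.type);
  };
  push(manifest.license);
  if (Array.isArray(manifest.licenses)) manifest.licenses.forEach(push);
  return out.map((s) => s.trim()).filter((s) => s.length > 0);
}

// Split an expression such as "(MIT OR Apache-2.0)" into license identifiers.
// A "WITH <exception>" suffix names an exception, not a license, so it is dropped.
function identifiers(expr) {
  return expr
    .replace(/[()]/g, " ")
    .replace(/\s+WITH\s+\S+/gi, "")
    .split(/\s+(?:AND|OR)\s+/i)
    .map((s) => s.trim())
    .filter(Boolean);
}

// Returns "unlicensed" (nothing declared), "non-standard" (needs manual review) or "ok".
function classify(manifest) {
  const raw = rawLicenses(manifest);
  if (raw.length === 0 || raw.some((s) => s.toUpperCase() === "UNLICENSED")) {
    return { status: "unlicensed", licenses: [], unknown: [] };
  }
  const licenses = raw.flatMap(identifiers);
  const unknown = licenses.filter((id) => !KNOWN_IDS.has(id));
  return { status: unknown.length > 0 ? "non-standard" : "ok", licenses, unknown };
}

// Constructed sample manifests covering each outcome.
const SAMPLE = [
  { name: "alpha", license: "MIT" },
  { name: "beta" },
  { name: "gamma", license: "(MIT OR Apache-2.0)" },
  { name: "delta", license: "SEE LICENSE IN LICENSE.txt" },
  { name: "epsilon", licenses: [{ type: "ISC" }, { type: "Custom-Corp-1.0" }] },
];
for (const m of SAMPLE) console.log(m.name, JSON.stringify(classify(m)));
```

Running this over the manifests of direct dependencies before publishing them to a registry gives an early view of which packages are likely to receive a red LICENSE badge.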