License scanner plugin

Scans packages for license information and finds license issues

Bytesafe analyzes packages for license information and displays identified licenses for your registries.

The License Scanner plugin builds on that: it scans every package in a registry and flags potential license issues, such as unlicensed packages, custom licenses and unknown license information.

Packages in a registry are scanned for license issues when:

  • The plugin is enabled (all existing package versions are scanned).
  • A new package version is added.

When the scanner finds a license issue, a LICENSE badge is added to the package:

(Screenshot: license badges)

Example of license issues detected by the License scanner. Unlicensed is a valid, standardized license value for packages whose authors do not wish to grant others the right to use the package. A package without any license is also a license issue, and may require manual action from users.

License issue origin

The description and cause of a license issue can be viewed by hovering over its badge.

(Screenshot: license issue origin)

License issues overview

An overview of the most common open source licenses in a registry, together with identified license issues, is displayed on the registry and workspace dashboards.

To filter and track packages that contain identified license issues, click the links on the License issues card.

(Screenshot: tracking license issues)

To further filter issues according to severity, click the number associated with each severity (High, Moderate, Low).

Notifications

For users who have enabled the Slack integration (under Settings - Integrations), a notification is sent to Slack whenever license issues are found in a registry.

Use cases

Unlicensed source code

Unlicensed packages are a potential license compliance issue. The License scanner identifies packages that are unlicensed; filter packages with license issues to find unlicensed package versions.

Custom licenses

Non-standard open source licenses are a potential license compliance issue. The License scanner identifies custom licenses, which require manual review by the user.

Restrict licenses with policies

Prevent packages with non-compliant licenses from entering your registry with the License block policy.
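The three use cases above (unlicensed packages, custom licenses, and blocking by policy) all come down to reading the license metadata a package declares and classifying it. The following is an added example, not Bytesafe's own code: a small scanner over npm package.json manifests that reports missing, UNLICENSED, "SEE LICENSE IN" (custom) and unrecognised license values with an assumed High/Moderate/Low severity, plus a block policy that rejects a version before it enters a registry. The SPDX allow-list, the severity mapping, the policy shape and the sample manifests are all constructed for this example.

```javascript
// Added example, not Bytesafe's own code: a minimal license scanner for npm
// package manifests (package.json) and a "license block" policy check.
// The SPDX allow-list, severity mapping, policy shape and sample manifests
// below are assumptions constructed for this example.

// Short SPDX allow-list; the real SPDX list is far longer.
const SPDX_IDS = new Set([
  'MIT', 'ISC', 'BSD-2-Clause', 'BSD-3-Clause', 'Apache-2.0', 'MPL-2.0',
  'LGPL-3.0-only', 'GPL-2.0-only', 'GPL-3.0-only', 'AGPL-3.0-only',
]);

// Severity assumed for each issue kind (the page lists High, Moderate, Low).
const SEVERITY = { missing: 'High', unlicensed: 'High', custom: 'Moderate', unknown: 'Low' };

// Normalise the shapes npm has accepted for license metadata into one string:
// "MIT", { type: "MIT", url }, or the deprecated `licenses` array.
function licenseString(manifest) {
  const lic = manifest.license;
  if (typeof lic === 'string') return lic.trim();
  if (lic && typeof lic === 'object' && typeof lic.type === 'string') return lic.type.trim();
  if (Array.isArray(manifest.licenses)) {
    const types = manifest.licenses
      .map((l) => (typeof l === 'string' ? l : l && l.type))
      .filter((t) => typeof t === 'string' && t.trim());
    if (types.length === 1) return types[0].trim();
    if (types.length > 1) return '(' + types.map((t) => t.trim()).join(' OR ') + ')';
  }
  return '';
}

// Split an SPDX expression such as "(MIT OR Apache-2.0)" into identifiers.
// Only OR/AND are handled; a "WITH <exception>" clause is reported as unknown.
function licenseIds(expr) {
  return expr.replace(/[()]/g, ' ').split(/\s+/).filter((t) => t && !/^(OR|AND)$/i.test(t));
}

// Classify one manifest. Returns null when no license issue is found, else
// { package, kind, severity, detail } ready to be shown as a badge.
function classifyLicense(manifest) {
  const pkg = `${manifest.name}@${manifest.version}`;
  const lic = licenseString(manifest);
  let kind;
  let detail;
  if (lic === '') {
    kind = 'missing';
    detail = 'no license field in package.json';
  } else if (lic.toUpperCase() === 'UNLICENSED') {
    // npm's documented value for packages that grant no rights to others.
    kind = 'unlicensed';
    detail = 'declared UNLICENSED: no rights granted to use this package';
  } else if (/^SEE LICENSE IN\s+\S+/i.test(lic)) {
    kind = 'custom';
    detail = `custom license text (${lic}); needs manual review`;
  } else {
    const unknown = licenseIds(lic).filter((id) => !SPDX_IDS.has(id));
    if (unknown.length === 0) return null;
    kind = 'unknown';
    detail = `unrecognised license identifier(s): ${unknown.join(', ')}`;
  }
  return { package: pkg, kind, severity: SEVERITY[kind], detail };
}

// Scan a whole registry: collect issues and count them per severity, which is
// what a dashboard card and its High/Moderate/Low filters are built from.
function scanRegistry(manifests) {
  const issues = manifests.map(classifyLicense).filter(Boolean);
  const bySeverity = { High: 0, Moderate: 0, Low: 0 };
  for (const issue of issues) bySeverity[issue.severity] += 1;
  return { issues, bySeverity };
}

// Block policy (assumed shape): deny specific SPDX ids and specific issue kinds
// before a version enters the registry. A denied id anywhere in an OR
// expression blocks the package, which is the conservative reading.
function applyBlockPolicy(manifest, policy) {
  const issue = classifyLicense(manifest);
  if (issue && policy.blockIssues.includes(issue.kind)) {
    return { allowed: false, reason: `${issue.kind}: ${issue.detail}` };
  }
  const denied = licenseIds(licenseString(manifest)).filter((id) => policy.denyLicenses.includes(id));
  if (denied.length > 0) {
    return { allowed: false, reason: `license denied by policy: ${denied.join(', ')}` };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample manifests standing in for a registry's package.json files.
const SAMPLE_MANIFESTS = [
  { name: 'good-lib', version: '1.0.0', license: 'MIT' },
  { name: 'no-license', version: '2.1.0' },
  { name: 'private-tool', version: '0.3.0', license: 'UNLICENSED' },
  { name: 'vendor-sdk', version: '4.2.1', license: 'SEE LICENSE IN LICENSE.txt' },
  { name: 'odd-pkg', version: '1.1.0', license: 'Public Domain' },
  { name: 'dual-licensed', version: '3.0.0', license: '(MIT OR Apache-2.0)' },
  { name: 'legacy-meta', version: '0.9.0', licenses: [{ type: 'BSD-3-Clause', url: 'https://example.invalid/LICENSE' }] },
  { name: 'copyleft-lib', version: '5.0.0', license: 'AGPL-3.0-only' },
];

// Example policy (assumed shape, not a Bytesafe configuration format).
const EXAMPLE_POLICY = { denyLicenses: ['AGPL-3.0-only', 'GPL-3.0-only'], blockIssues: ['missing', 'unlicensed'] };

const scan = scanRegistry(SAMPLE_MANIFESTS);
for (const i of scan.issues) console.log(`LICENSE ${i.severity.padEnd(8)} ${i.package}: ${i.detail}`);
console.log('by severity:', scan.bySeverity);
for (const m of SAMPLE_MANIFESTS) {
  const verdict = applyBlockPolicy(m, EXAMPLE_POLICY);
  if (!verdict.allowed) console.log(`BLOCKED ${m.name}@${m.version}: ${verdict.reason}`);
}
```

Run with `node` to print one line per flagged version, the per-severity counts a dashboard card would show, and the versions the example policy would block. Note the difference between the two halves: a package declaring a recognised but unwanted license (copyleft-lib above) carries no license issue at all and is only caught by the block policy, whereas a custom license is flagged for review but, under this policy, still allowed in.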

License compliance

Coming soon:

License compliance - configure custom license policies of unwanted licenses and get notified when packages with non-compliant licenses are found.