License scanner plugin

Scans packages for license information and finds license issues

Bytesafe analyzes packages for license information by default.

The License Scanner plugin builds on that: it scans every package in a registry and flags potential license issues.

Packages in a registry are scanned for license issues when:

  • The plugin is enabled (all existing package versions are scanned).
  • A new package version is added to the registry.

When the scanner finds a license issue, a LICENSE badge is added to the package:

[Screenshot: license badges]

If no license information is found for a package, its license information is left empty and the license scanner flags the package as unlicensed.

License issues overview

An overview of the most common open source licenses in a registry, together with the identified license issues, is displayed on the registry and workspace dashboards.

To filter and track packages that contain identified license issues, click the License issues card.

[Screenshot: tracking license issues]

To filter issues further by severity, click the count shown for each severity level (High, Moderate, Low).

Notifications

Users who have enabled the Slack integration (available under Settings - Integrations) receive a Slack notification whenever license issues are found in a registry.

Use cases

Unlicensed source code

Unlicensed packages are a potential license compliance issue. The license scanner identifies packages that carry no license. Filter packages with license issues to find the unlicensed package versions.

Non-standardized licenses

Non-standard open source licenses are a potential license compliance issue. The license scanner identifies non-standardized licenses, which require manual review by the user.
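To make the two use cases above concrete, here is an added example of how an npm manifest's license metadata can be classified into "unlicensed", "non-standard" and "standard" buckets. This is illustrative code written for this page, not Bytesafe's scanner or any part of its API. It assumes that "standard" means a license expression built from recognized SPDX identifiers (the identifier and exception lists below are a small sample, not the full SPDX list), that the severity mapping (unlicensed = High, non-standard = Moderate) is this example's own choice, and the package manifests are constructed sample data rather than real registry content.

```javascript
// Added example, not Bytesafe code. Classifies npm package manifests by their
// license metadata so unlicensed and non-standard licenses can be flagged.

// Assumption: a small sample of SPDX identifiers/exceptions stands in for the
// full SPDX list a real scanner would load.
const KNOWN_SPDX_IDS = new Set([
  "MIT", "ISC", "0BSD", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0",
  "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.1-only", "MPL-2.0", "Unlicense",
]);
const KNOWN_EXCEPTIONS = new Set(["Classpath-exception-2.0", "LLVM-exception"]);

// npm has allowed several shapes for license metadata over the years:
// "license": "MIT", the deprecated "license": {type, url}, and the deprecated
// "licenses": [{type, url}, ...]. Normalise all of them to one expression string.
function licenseString(manifest) {
  const { license, licenses } = manifest;
  if (typeof license === "string") return license.trim();
  if (license && typeof license === "object" && typeof license.type === "string") {
    return license.type.trim();
  }
  if (Array.isArray(licenses) && licenses.length > 0) {
    // Multiple entries in the legacy array form mean the user may pick any one.
    const types = licenses
      .map((l) => (l && l.type ? String(l.type).trim() : ""))
      .filter(Boolean);
    return types.join(" OR ");
  }
  return "";
}

// Validate a license expression against the known SPDX identifiers.
// Grammar handled: ID, ID+, ID WITH EXCEPTION, AND / OR operators, parentheses.
// Anything that does not parse (free text, misspelt identifiers, "SEE LICENSE IN ...")
// is treated as non-standard and left for manual review.
function isStandardSpdxExpression(expr) {
  const tokens = expr
    .replace(/\(/g, " ( ")
    .replace(/\)/g, " ) ")
    .trim()
    .split(/\s+/)
    .filter(Boolean);
  if (tokens.length === 0) return false;
  let depth = 0;
  let expectOperand = true;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t === "(") { if (!expectOperand) return false; depth++; continue; }
    if (t === ")") { if (expectOperand || depth === 0) return false; depth--; continue; }
    if (expectOperand) {
      const id = t.endsWith("+") ? t.slice(0, -1) : t;
      if (!KNOWN_SPDX_IDS.has(id)) return false;
      if (tokens[i + 1] === "WITH") {
        if (!KNOWN_EXCEPTIONS.has(tokens[i + 2])) return false;
        i += 2; // consume "WITH <exception>"
      }
      expectOperand = false;
    } else {
      if (t !== "AND" && t !== "OR") return false;
      expectOperand = true;
    }
  }
  return depth === 0 && !expectOperand;
}

// Assumption: severity mapping is this example's choice, not Bytesafe's.
// "UNLICENSED" is npm's literal for packages that grant no public license,
// so it is reported together with packages that have no license field at all.
function classify(manifest) {
  const expr = licenseString(manifest);
  const base = { name: manifest.name, version: manifest.version, license: expr };
  if (expr === "" || expr.toUpperCase() === "UNLICENSED") {
    return { ...base, issue: "unlicensed", severity: "High" };
  }
  if (!isStandardSpdxExpression(expr)) {
    return { ...base, issue: "non-standard", severity: "Moderate" };
  }
  return { ...base, issue: null, severity: null };
}

// Scan a set of manifests and summarise issues per severity bucket.
// Only High and Moderate are produced here; Low is kept so the summary matches
// the three buckets shown on a dashboard.
function scanRegistry(manifests) {
  const results = manifests.map(classify);
  const issues = results.filter((r) => r.issue !== null);
  const bySeverity = { High: 0, Moderate: 0, Low: 0 };
  for (const r of issues) bySeverity[r.severity] += 1;
  return { results, issues, bySeverity };
}

// Constructed sample manifests (not real registry data).
const SAMPLE_MANIFESTS = [
  { name: "left-pad-ish", version: "1.0.0", license: "MIT" },
  { name: "dual-lib", version: "2.1.0", license: "(MIT OR Apache-2.0)" },
  { name: "legacy-form", version: "0.3.0", licenses: [{ type: "BSD-3-Clause", url: "https://example.invalid/bsd" }] },
  { name: "no-license", version: "4.2.0" },
  { name: "custom-terms", version: "1.1.0", license: "SEE LICENSE IN LICENSE.txt" },
  { name: "sloppy-id", version: "0.0.1", license: "Apache 2.0" },
  { name: "private-pkg", version: "3.0.0", license: "UNLICENSED" },
];

const report = scanRegistry(SAMPLE_MANIFESTS);
for (const r of report.issues) {
  console.log(`${r.severity}\t${r.issue}\t${r.name}@${r.version}\t"${r.license}"`);
}
console.log("summary:", report.bySeverity);
```

Running the block lists four flagged versions: the two without a usable license grant (High) and the two whose license strings cannot be matched to a recognized identifier (Moderate). The second group is the one the text describes as requiring manual action: "Apache 2.0" is probably a typo for Apache-2.0, while "SEE LICENSE IN LICENSE.txt" points at custom terms a human has to read.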

License compliance

Coming soon:

License compliance - configure custom license policies that list unwanted licenses, and get notified when packages with non-compliant licenses are found.

Restrict licenses with policies - prevent packages with non-compliant licenses from entering your registry.