With this release License Compliance in Bytesafe has been reworked and greatly improved, offering fine-grained control over allowed open source licenses for your dependencies.
In fast changing environments, continuous compliance is the only way to make sure you don’t depend on packages with non-compliant licenses. Create license policies to match your unique needs, preventing or allowing open source licenses at every action - according to your list of license rules. Stay in control with in-depth license scanning and prevent use of packages with in-compatible licenses altogether with package quarantine.
License compliance in Bytesafe:
-
License Policies - Govern what licenses to allow or flag as potential issues, and what licenses to block altogether.
-
License Compliance plugin - In-depth scanning for license information in package dependencies. Identifies, flags and optionally quarantines license compliance issues.
-
License Dashboards - provide a holistic overview of the license composition for a registry, together with compliance information with open License Issues.
Custom License Policies to match your requirements
With the addition of License Policies users can create custom policies according to their compliance needs and apply them to registries.
Each license policy consists of license rules for any number of licenses. It also contains configuration on how to handle use-cases like missing or unknown licenses.
In-depth License Scanning
To ensure license accuracy, the License Compliance Plugin scans for licenses information directly in your open source package dependencies.
Open source licenses are identified using LICENSE
files in the package root as well as any license information stored in any other package file. This information supersedes any license metadata available in package.json
(no guarantee for package.json
metadata to be accurate or cover actual licenses).
Get a grasp on the license composition with dashboards
License dashboards provide an overview of all license compliance information for a registry, in accordance with an applied license policy. Allowing users access to key license metrics and what licenses are in use for their software composition.
License dashboard is available for any registry with License Compliance enabled.
Looking for more information?
See License compliance in the Bytesafe Documentation.