License Compliance - detailed control over open source licenses

With this release License Compliance in Bytesafe has been reworked and greatly improved, offering fine-grained control over allowed open source licenses for your dependencies.

In fast-changing environments, continuous compliance is the only way to make sure you don’t depend on packages with non-compliant licenses. Create license policies to match your unique needs, allowing or preventing open source licenses at every action, according to your list of license rules. Stay in control with in-depth license scanning, and prevent the use of packages with incompatible licenses altogether with package quarantine.

License compliance in Bytesafe:

  • License Policies - Govern what licenses to allow or flag as potential issues, and what licenses to block altogether.

  • License Compliance plugin - In-depth scanning for license information in package dependencies. Identifies, flags and optionally quarantines license compliance issues.

  • License Dashboards - provide a holistic overview of the license composition for a registry, together with compliance information on open License Issues.

Custom License Policies to match your requirements

With the addition of License Policies users can create custom policies according to their compliance needs and apply them to registries.

Each license policy consists of license rules for any number of licenses. It also contains configuration on how to handle use cases such as missing or unknown licenses.

License rules in example license policy

In-depth License Scanning

To ensure license accuracy, the License Compliance Plugin scans for license information directly in your open source package dependencies.

Open source licenses are identified using LICENSE files in the package root as well as any license information stored in any other package file. This information supersedes any license metadata available in package.json (there is no guarantee that package.json metadata is accurate or covers the actual licenses).
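The two mechanisms described above, a license policy with per-license rules plus defaults for missing and unknown licenses, and detection that trusts license text found in package files over the `license` field of package.json, can be shown together in a small evaluator. The following is an added example written for this page, not Bytesafe's code and not a description of how its plugin is implemented; the SPDX text fingerprints, the policy shape (`rules`, `onUnknownLicense`, `onMissingLicense`), the verdict names and the four sample packages are all constructed for illustration.

```javascript
// Added example (not Bytesafe's code): a minimal license-policy evaluator for
// npm-style packages. Detection prefers license text found in package files
// over the "license" field of package.json, which is only used as a fallback.
// Fingerprints, policy shape and sample packages are constructed assumptions.

// Text fingerprints for a few SPDX identifiers (assumption: enough for the demo).
const LICENSE_FINGERPRINTS = [
  ['MIT', /Permission is hereby granted, free of charge/i],
  ['Apache-2.0', /Apache License\s+Version 2\.0/i],
  ['GPL-3.0-only', /GNU GENERAL PUBLIC LICENSE\s+Version 3/i],
  ['BSD-3-Clause', /Neither the name of .+ nor the names of its contributors/i],
];

// Returns the SPDX id whose fingerprint matches the text, or null if none does.
function identifyLicenseText(text) {
  for (const [spdx, pattern] of LICENSE_FINGERPRINTS) {
    if (pattern.test(text)) return spdx;
  }
  return null;
}

// Detects a package's license. Precedence, highest first:
//   1. a LICENSE/LICENCE file in the package root
//   2. license text found in any other package file
//   3. the "license" field of package.json (least trusted)
// pkg.files maps a path inside the package to that file's content.
function detectLicense(pkg) {
  const paths = Object.keys(pkg.files);
  const isRootLicenseFile = (p) => !p.includes('/') && /^LICEN[CS]E(\.|$)/i.test(p);
  const ordered = [
    ...paths.filter(isRootLicenseFile),
    ...paths.filter((p) => !isRootLicenseFile(p) && p !== 'package.json'),
  ];
  for (const p of ordered) {
    const spdx = identifyLicenseText(pkg.files[p]);
    if (spdx) return { license: spdx, source: p };
  }
  const manifest = pkg.files['package.json'] ? JSON.parse(pkg.files['package.json']) : {};
  if (typeof manifest.license === 'string' && manifest.license.trim()) {
    return { license: manifest.license.trim(), source: 'package.json' };
  }
  return { license: null, source: null };
}

// Applies a policy: an explicit rule wins; otherwise the policy's defaults for
// a missing license (nothing found at all) or an unknown license (no rule).
function evaluatePackage(policy, pkg) {
  const { license, source } = detectLicense(pkg);
  const verdict = license === null
    ? policy.onMissingLicense
    : (policy.rules[license] ?? policy.onUnknownLicense);
  return { name: pkg.name, license, source, verdict };
}

function evaluateRegistry(policy, pkgs) {
  return pkgs.map((pkg) => evaluatePackage(policy, pkg));
}

// Constructed policy: allow permissive licenses, block GPL-3.0, flag anything
// without a rule, and block packages where no license can be found.
const POLICY = {
  rules: { 'MIT': 'allow', 'Apache-2.0': 'allow', 'BSD-3-Clause': 'allow', 'GPL-3.0-only': 'block' },
  onUnknownLicense: 'flag',
  onMissingLicense: 'block',
};

// Constructed sample packages (not real packages).
const PACKAGES = [
  { name: 'left-widget', files: {
      'package.json': JSON.stringify({ name: 'left-widget', license: 'MIT' }),
      'LICENSE': 'MIT License\n\nPermission is hereby granted, free of charge, to any person ...' } },
  // package.json claims MIT, but the bundled LICENSE file is GPL-3.0 text.
  { name: 'sneaky-lib', files: {
      'package.json': JSON.stringify({ name: 'sneaky-lib', license: 'MIT' }),
      'LICENSE': 'GNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007 ...' } },
  // Only a package.json field, naming a license the policy has no rule for.
  { name: 'odd-lib', files: {
      'package.json': JSON.stringify({ name: 'odd-lib', license: 'WTFPL' }) } },
  // No license information anywhere.
  { name: 'bare-lib', files: {
      'package.json': JSON.stringify({ name: 'bare-lib' }),
      'index.js': 'module.exports = () => 1;' } },
];

const REPORT = evaluateRegistry(POLICY, PACKAGES);
console.table(REPORT);
```

The interesting row is `sneaky-lib`: its package.json declares MIT, but the LICENSE file in the package root is GPL-3.0 text, so the file wins and the package is blocked. `odd-lib` has only a package.json claim that no rule covers, so it is flagged rather than blocked, and `bare-lib` carries no license information at all and falls to the missing-license default.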

Get a grasp on the license composition with dashboards

License dashboards provide an overview of all license compliance information for a registry, in accordance with the applied license policy, giving users access to key license metrics and to which licenses are in use in their software composition.

The license dashboard is available for any registry with License Compliance enabled.

Overview of License information and compliance issues with license dashboards

Looking for more information?

See License compliance in the Bytesafe Documentation.