Ensure open source license compliance

Set automatic policies up front so that you are always compliant with the terms of the open source licenses your organization uses.

Which open source licenses are you using?

With more than 200 different open source licenses in use, each with its own terms and conditions, it is hard to keep track of and fulfil every legal requirement. Some licenses are copyleft (often called viral), some are permissive, some are permissive with strings attached, and some components carry no open source license at all, in which case default copyright law applies and you have no license to use the code.

Failing to track licenses accurately is risky business and can lead to unpleasant surprises. At best it is the headache of replacing a component; at worst it could jeopardize exclusive ownership of your proprietary code, because a copyleft license can oblige you to release code that derives from or links to the component under the same terms.

Detect issues early in the process

Imagine it. You’re about to release your product and a pre-release code scan reveals you’re using a component with a problematic license. Removal of the component means going back to the drawing board on that segment of code, tearing and replacing, and redeveloping. Or worse, the issue is discovered post-release. And now your legal department is facing infringement claims.

Many software development teams try to track licenses manually. Even if they manage to track the components they add directly and those components' licenses, that still leaves the transitive dependencies, which the package manager pulls in automatically and which often carry completely different licenses.

With Mend.io, it's all automatic. Whenever a new open source component is added to the build, Mend identifies its license and the licenses of every dependency it pulls in, direct or transitive.


Related Resources

Top Open Source Licenses Explained

An overview of the most popular open source licenses, including GPL, Apache, MIT, and Ms-PL.

The Complete Guide for Open Source Licenses 2024

See the key facts you should know for working compliantly with open source components.

Tips and Tools for Open Source Compliance

Learn more about keeping track of open source licenses and the tools that can help.

Set up automatic policies to control your usage

Mend.io also lets you define your company's license policy as three lists. A white list holds licenses that are approved automatically. A black list holds licenses that are rejected automatically; for these you can choose to receive an alert and/or fail the build when a component or dependency carrying one of them is added. A third list holds licenses that must be approved case by case; adding one of these triggers a pre-defined email approval request, and every approval is tracked, signed and archived in the Mend.io system for later access.

Once this one-time policy setup is complete, you are alerted to any policy violation as you develop, so you can make an informed decision before a component is incorporated into your build.
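To make the three-list policy and the build gate concrete, here is an added example of the same evaluation written as a small Python script. It is not Mend.io code and does not reproduce Mend.io's behaviour; the allow and deny sets are an assumed policy, the dependency tree is constructed for the example, and the package names, versions and licenses in it are illustrative. It goes slightly beyond the text in two ways a practitioner needs: it evaluates SPDX license expressions (dual licensing with OR, combined terms with AND, exceptions with WITH) rather than single license names, and it walks transitive dependencies so that a copyleft component two levels down is still caught.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Example policy in SPDX identifiers. This is an assumed policy for the
# example, not a default shipped by Mend.io or any other tool.
ALLOW = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
DENY = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
        "AGPL-3.0-only", "AGPL-3.0-or-later"}
# Anything on neither list (LGPL, MPL, EPL, unknown ids) needs a human review.

RANK = {"allow": 0, "review": 1, "deny": 2}   # higher is worse


@dataclass
class Component:
    name: str
    version: str
    license: Optional[str]                        # SPDX expression, or None if no license was found
    dependencies: List["Component"] = field(default_factory=list)


def classify_id(spdx_id: str) -> str:
    """Verdict for one SPDX identifier. Ids with an exception ("X WITH Y") and ids
    on neither list go to review; the policy never allows something it does not know."""
    if " WITH " in spdx_id:
        return "review"
    if spdx_id in DENY:
        return "deny"
    if spdx_id in ALLOW:
        return "allow"
    return "review"


def classify_expr(expr: Optional[str]) -> str:
    """Verdict for an SPDX license expression.
    - no license at all: deny, because default copyright grants the consumer nothing
    - "A OR B" (dual licensing): the consumer may pick either, so the best option wins
    - "A AND B": both sets of terms apply, so the worst option wins
    SPDX gives AND higher precedence than OR, which the split order below respects.
    Parenthesised expressions are handed to a reviewer rather than parsed here."""
    if expr is None or not expr.strip():
        return "deny"
    if "(" in expr or ")" in expr:
        return "review"
    branch_verdicts = []
    for branch in re.split(r"\s+OR\s+", expr.strip()):
        ids = [i.strip() for i in re.split(r"\s+AND\s+", branch)]
        branch_verdicts.append(max((classify_id(i) for i in ids), key=RANK.__getitem__))
    return min(branch_verdicts, key=RANK.__getitem__)


def evaluate(direct_deps: List[Component]) -> List[Dict[str, Optional[str]]]:
    """Walk every dependency transitively and record one finding per node,
    with the path from the direct dependency so the owner can be identified."""
    findings: List[Dict[str, Optional[str]]] = []

    def walk(comp: Component, path: List[str]) -> None:
        here = path + [f"{comp.name}@{comp.version}"]
        findings.append({"path": " > ".join(here), "license": comp.license,
                         "verdict": classify_expr(comp.license)})
        for dep in comp.dependencies:
            walk(dep, here)

    for dep in direct_deps:
        walk(dep, [])
    return findings


def decide(findings: List[Dict[str, Optional[str]]], fail_on_review: bool = False) -> Dict[str, object]:
    """Build gate: denied licenses always fail the build; review items fail only if
    the policy says so, otherwise they are surfaced for the approval workflow."""
    denied = [f["path"] for f in findings if f["verdict"] == "deny"]
    review = [f["path"] for f in findings if f["verdict"] == "review"]
    ok = not denied and not (fail_on_review and review)
    return {"ok": ok, "deny": denied, "review": review}


# Constructed sample dependency tree; names, versions and licenses are illustrative.
SAMPLE_DEPS = [
    Component("http-kit", "1.0.0", "Apache-2.0", [
        Component("tls-shim", "2.4.1", "MIT"),
        Component("old-copyleft-util", "0.3.0", "GPL-3.0-only"),   # buried one level down
    ]),
    Component("fast-parse", "3.2.0", "MIT OR GPL-2.0-only"),        # dual licensed: we take MIT
    Component("cert-bundle", "2024.1", "MPL-2.0"),                  # needs case-by-case approval
    Component("gist-helper", "0.1.0", None),                        # no license file at all
]

if __name__ == "__main__":
    findings = evaluate(SAMPLE_DEPS)
    for f in findings:
        print(f"{f['verdict']:6}  {f['license'] or '<none>':22}  {f['path']}")
    result = decide(findings)
    print("build ok:", result["ok"])
    raise SystemExit(0 if result["ok"] else 1)
```

Run as a CI step, the script exits non-zero whenever a denied or unlicensed component appears anywhere in the tree, and lists the review items separately so they can be routed to an approval request. Two design choices matter: unknown identifiers and exceptions go to review rather than being silently allowed, and a missing license is treated as the strictest case, since without a license there is no grant to rely on.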

Mend.io also automates the production of license and copyright documentation, such as the attribution text a EULA requires, so complying with license terms is quick and easy.

Learn more about our automated policies here.


Identify which open source licenses are in your software