Open Source package License Compliance

Severity: MEDIUM

Open Source Package Licenses Compliance

Description

Open source software licenses govern how parties other than the originator may use, modify, or distribute software code. They grant those users the rights to reuse or repurpose the code for new applications or to include it in other projects, subject to the license's conditions.

The choice of license type depends largely on how the licensor or developer intends the software to be used. Many licenses are considered restrictive because their terms require derivative works to be released under the same license (copyleft) or limit commercial use of the software.

Our out-of-the-box policy treats every OSI-approved license (http://opensource.org/licenses/alphabetical) as compliant and raises an alert whenever a dependency declares a license that is not on that approved list.
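The following is an added example of how such an allowlist policy can be evaluated against a dependency inventory; it is not the product's own implementation. It assumes licenses are declared as SPDX expressions, uses a hand-picked subset of OSI-approved identifiers as the allowlist (a real policy would load the full OSI list), treats a "WITH" exception as not changing the base license's verdict, and treats an undeclared or unparsable license as non-compliant so that it is still alerted on. It goes beyond the paragraph by evaluating compound expressions: "A OR B" is compliant if either side is approved, while "A AND B" requires both. The dependency records are constructed sample data.

```python
"""Evaluate declared SPDX license expressions against an OSI-approved allowlist.

Added example, not the original page's or any product's code. Allowlist and
dependency data are constructed and deliberately incomplete.
"""
import re
from dataclasses import dataclass

# Assumption: a subset of OSI-approved licenses, keyed by SPDX identifier.
OSI_APPROVED = {
    "MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "Zlib",
    "MPL-2.0", "EPL-2.0", "AGPL-3.0-only",
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later",
}
# SPDX identifiers are matched case-insensitively.
_APPROVED_LOWER = {lic.lower() for lic in OSI_APPROVED}
_TOKEN = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")


class LicenseExpressionError(ValueError):
    """Raised when a declared license is not a well-formed SPDX expression."""


def _tokenize(expr: str) -> list[str]:
    tokens = _TOKEN.findall(expr)
    # Anything that is neither a token nor whitespace (e.g. a comma) is rejected.
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        raise LicenseExpressionError(f"unexpected characters in {expr!r}")
    return tokens


class _Parser:
    """Recursive-descent evaluator: OR binds loosest, then AND, then WITH."""

    def __init__(self, tokens: list[str]) -> None:
        self.toks, self.pos = tokens, 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self) -> bool:
        result = self.expr()
        if self.peek() is not None:
            raise LicenseExpressionError(f"trailing token {self.peek()!r}")
        return result

    def expr(self) -> bool:
        result = self.and_expr()
        while self.peek() is not None and self.peek().upper() == "OR":
            self.take()
            rhs = self.and_expr()   # parse first so both sides are validated
            result = result or rhs  # a choice: one approved option suffices
        return result

    def and_expr(self) -> bool:
        result = self.primary()
        while self.peek() is not None and self.peek().upper() == "AND":
            self.take()
            rhs = self.primary()
            result = result and rhs  # both licenses apply: both must be approved
        return result

    def primary(self) -> bool:
        tok = self.take()
        if tok is None:
            raise LicenseExpressionError("unexpected end of expression")
        if tok == "(":
            result = self.expr()
            if self.take() != ")":
                raise LicenseExpressionError("missing ')'")
            return result
        if tok == ")" or tok.upper() in ("AND", "OR", "WITH"):
            raise LicenseExpressionError(f"unexpected token {tok!r}")
        if tok.endswith("+"):              # deprecated "GPL-2.0+" form
            tok = tok[:-1] + "-or-later"
        approved = tok.lower() in _APPROVED_LOWER
        # Assumption: an exception (e.g. Classpath-exception-2.0) widens
        # permissions but does not change whether the base license is approved.
        if self.peek() is not None and self.peek().upper() == "WITH":
            self.take()
            if self.take() is None:
                raise LicenseExpressionError("WITH without an exception id")
        return approved


def is_compliant(expression: str) -> bool:
    """True when the expression can be satisfied using only allowlisted licenses."""
    if not expression or not expression.strip():
        return False   # undeclared license: cannot be shown compliant
    return _Parser(_tokenize(expression)).parse()


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    license: str
    severity: str = "MEDIUM"   # the severity this policy carries on the page


def check_dependencies(deps: list[dict]) -> list[Finding]:
    """Return one finding per dependency whose license fails the policy."""
    findings = []
    for dep in deps:
        expr = dep.get("license") or ""
        try:
            ok = is_compliant(expr)
        except LicenseExpressionError:
            ok = False   # malformed declaration is alerted on, not silently skipped
        if not ok:
            findings.append(Finding(dep["name"], dep["version"], expr or "<undeclared>"))
    return findings


# Constructed sample inventory (hypothetical package names).
SAMPLE_DEPENDENCIES = [
    {"name": "requests", "version": "2.31.0", "license": "Apache-2.0"},
    {"name": "foo", "version": "1.0.0", "license": "MIT OR GPL-3.0-only"},
    {"name": "bar", "version": "0.4.2", "license": "(MIT AND BUSL-1.1)"},
    {"name": "baz", "version": "3.1.0", "license": ""},
    {"name": "qux", "version": "2.0.0", "license": "SSPL-1.0"},
    {"name": "quux", "version": "1.2.3", "license": "GPL-2.0-only WITH Classpath-exception-2.0"},
]

if __name__ == "__main__":
    for f in check_dependencies(SAMPLE_DEPENDENCIES):
        print(f"[{f.severity}] {f.package}@{f.version}: license {f.license!r} not OSI-approved")
```

Running the block reports bar (BUSL-1.1 is not OSI-approved, and AND requires both sides), baz (no license declared) and qux (SSPL-1.0 is not OSI-approved), while foo passes because one branch of its OR is approved.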