Achieve open source license compliance through automation

by Oscar Reimer
2021-05-24
1 min

As mentioned when we launched our license feature, we were working hard on extending our automation engine with license capabilities. Finally, it’s all ready for you to try and use – let’s have a look at what can be achieved!

Creating license targeted automation rules

In the automation engine, you now have three license-related subjects on which you can build conditions:

  • One or more licenses – Allows you to e.g. ban specific licenses
  • License family – Allows you to e.g. ban a range of licenses, such as strong copyleft, in one go
  • License risk – Allows you to e.g. ban licenses carrying a high or higher risk
The three new license-related subjects: license, license family and license risk.

You can now, for example, create a rule which fails your pipeline whenever a dependency with a high or higher license risk is introduced to your repository. The rule would look something like this:

Creating a rule that fails the pipeline whenever a new dependency with high or higher license risk is added. Don't forget to hit save!

By creating such a rule we ensure that no dependency carrying a high license risk is allowed to enter our code base. How do we know whether a license is high risk? Once you set a Use Case for the repository, Debricked calculates the license risk for you. You can read more about setting use cases for repositories here.
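To make the three subjects concrete, here is a stand-alone license gate of the kind such a rule expresses, written as an added example for this post. It is not Debricked's engine or API: the family grouping, the risk ordering, the use-case-dependent risk table (`web-app` versus `on-site`) and the sample dependency lists are all assumptions constructed for the illustration. Each rule has a subject (license, license family or license risk) and is evaluated only against dependencies that were not present in the previous scan, so a hit fails the pipeline via a non-zero exit code.

```python
"""Added example: a stand-alone license gate for a CI pipeline.
Illustrative code, not Debricked's engine or API. The family grouping,
risk ordering and use-case risk table below are assumptions."""
from dataclasses import dataclass
from enum import IntEnum
import sys

# Assumed family grouping keyed by SPDX identifier (not a standard).
LICENSE_FAMILY = {
    "MIT": "permissive",
    "Apache-2.0": "permissive",
    "BSD-3-Clause": "permissive",
    "MPL-2.0": "weak copyleft",
    "LGPL-2.1-only": "weak copyleft",
    "GPL-3.0-only": "strong copyleft",
    "AGPL-3.0-only": "network copyleft",
}


class Risk(IntEnum):
    """Ordered so that 'high or higher' is a plain >= comparison."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    CRITICAL = 3


def license_risk(license_id: str, use_case: str) -> Risk:
    """Assumed risk model: copyleft obligations bite when the code is
    distributed ('on-site'); network copyleft also bites for a hosted
    'web-app'; an unrecognised license is treated as worst case."""
    family = LICENSE_FAMILY.get(license_id)
    if family is None:
        return Risk.CRITICAL
    if family == "permissive":
        return Risk.LOW
    if family == "weak copyleft":
        return Risk.MEDIUM if use_case == "on-site" else Risk.LOW
    if family == "strong copyleft":
        return Risk.HIGH if use_case == "on-site" else Risk.MEDIUM
    return Risk.HIGH  # network copyleft


@dataclass(frozen=True)
class Dependency:
    name: str
    version: str
    license_id: str


@dataclass(frozen=True)
class Rule:
    """subject: 'license' | 'license family' | 'license risk'.
    values: banned identifiers or families, or a single Risk threshold
    meaning 'this level or higher' for the 'license risk' subject."""
    subject: str
    values: tuple


def rule_triggers(rule: Rule, dep: Dependency, use_case: str) -> bool:
    if rule.subject == "license":
        return dep.license_id in rule.values
    if rule.subject == "license family":
        return LICENSE_FAMILY.get(dep.license_id, "unknown") in rule.values
    if rule.subject == "license risk":
        return license_risk(dep.license_id, use_case) >= rule.values[0]
    raise ValueError(f"unknown rule subject: {rule.subject}")


def check_new_dependencies(before, after, rules, use_case) -> list[str]:
    """Evaluate rules only against dependencies introduced since the
    previous scan, i.e. a 'when a new dependency is added' trigger."""
    new_deps = sorted(set(after) - set(before), key=lambda d: d.name)
    findings = []
    for dep in new_deps:
        for rule in rules:
            if rule_triggers(rule, dep, use_case):
                risk = license_risk(dep.license_id, use_case).name
                findings.append(f"{dep.name}@{dep.version} ({dep.license_id}, "
                                f"{risk}) violates rule on {rule.subject}")
    return findings


# Constructed sample data: previous scan, current scan, and two rules.
BEFORE = [Dependency("requests", "2.31.0", "Apache-2.0")]
AFTER = BEFORE + [
    Dependency("libfoo", "1.2.0", "AGPL-3.0-only"),
    Dependency("libbar", "0.9.1", "GPL-3.0-only"),
    Dependency("libbaz", "3.0.0", "MIT"),
    Dependency("mystery", "0.0.1", "SEE-LICENSE-IN-README"),
]
RULES = [
    Rule("license risk", (Risk.HIGH,)),        # "high or higher"
    Rule("license family", ("strong copyleft",)),
]

if __name__ == "__main__":
    findings = check_new_dependencies(BEFORE, AFTER, RULES, "web-app")
    for line in findings:
        print(line)
    sys.exit(1 if findings else 0)  # non-zero exit fails the pipeline
```

Two design points carry over to any such gate: the risk of the same license changes with the use case (GPL-3.0 is medium for the hosted web app but high for an on-site deployment under the assumed table), and a dependency whose license cannot be identified is scored as the worst case rather than silently passing.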

Get compliant today

Get, and stay, license compliant within a few minutes by creating a free Debricked account today!

  1. Sheriff Manzoor
    about 3 years ago

    Hello,

    Interesting blog. I am curious to know if the license rules can be set with respect to context such as the integration type of OSS licensed components. Is there also provision to add license clause related rules?

    Best Regards
    Sheriff Manzoor

    1. Oscar Reimer
      about 3 years ago

      Hi Sheriff,

      Thank you for your question!

      You can configure the context of each repo that you integrate with our tool by defining how that repo is deployed (for example, whether it's a repo that's deployed as a web app or as an on-site deployment). The deployment context can then be used when creating license rules.

      As for creating rules based on specific clauses in a license, that is not available in the service as of now. You can, of course, create rules regulating the usage of specific licenses, though.

      Kind regards,
      Felix Kruuse – Product @ Debricked