Open Source Manager
License Compliance
Manage open source license obligations and compliance
Ensure your use of open source software complies with license obligations and organizational policies.
License Detection
OSM automatically detects licenses from the following sources. When they disagree (for example a package manifest declaring MIT while the bundled LICENSE file is GPL), treat the component as unresolved and review it rather than trusting the most permissive claim:
- LICENSE files
- Package manifests
- Source code headers
- SPDX declarations
License Categories
Permissive Licenses
Few obligations beyond keeping the copyright notice and license text with redistributed code (Apache 2.0 also grants patent rights and requires preserving any NOTICE file):
- MIT
- Apache 2.0
- BSD (2-clause, 3-clause)
- ISC
Copyleft Licenses
Require source disclosure on distribution, with varying reach: LGPL and MPL 2.0 are weak copyleft (the obligation covers the library or the modified files, not your whole program), GPL is strong copyleft (the combined work), and AGPL v3 additionally triggers when users interact with the software over a network, even without distribution:
- GPL v2/v3
- LGPL v2.1/v3
- AGPL v3
- MPL 2.0
Proprietary/Commercial
Require commercial agreements:
- Custom EULA
- Commercial licenses
- Dual-licensed packages (for example copyleft or commercial, written in SPDX as "A OR B"; record which option you chose)
License Policies
Define organizational policies:
Creating Policies
- Navigate to Settings → License Policies
- Click Create Policy
- Configure:
- Allowed licenses
- Blocked licenses
- Exceptions
- Actions (warn, block)
Policy Examples
Enterprise-Friendly Policy:
Allow: MIT, Apache-2.0, BSD-*, ISC
Block: GPL-*, AGPL-*
Action: Block on violation
Copyleft-Aware Policy:
Allow: MIT, Apache-2.0, LGPL-*, MPL-2.0
Block: GPL-3.0, AGPL-*
Warn: GPL-2.0
Patterns are matched against SPDX identifiers. Current SPDX identifiers distinguish GPL-2.0-only from GPL-2.0-or-later (and likewise for GPL-3.0), so confirm that a rule written as GPL-2.0 matches both forms, and check which rule wins when a license matches both a Warn and a Block entry.
Compatibility Analysis
Check license compatibility before combining components, since direction matters: Apache-2.0 code can be included in a GPL-3.0 work, but not in a GPL-2.0-only work:
- Can you combine these licenses?
- What are the obligations of the combination?
- Are there conflicts, and does a dual-licensed package offer an option that avoids them?
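As an added worked example (not Open Source Manager's own code; the tool's internal policy format and compatibility matrix are not documented on this page), the following Python evaluates SPDX license expressions against a policy shaped like the Copyleft-Aware Policy above and checks whether a set of licenses can coexist in one distribution. It generalizes the single-license policy examples to full expressions: OR (dual licensing) lets you pick the best alternative, AND means every license applies so the worst one counts, and a license matching no rule fails closed. The POLICY patterns, the INCOMPATIBLE pair table and the sample components are constructed for illustration.

```python
"""Policy evaluation and compatibility check over SPDX license expressions.

Added example, not Open Source Manager code. POLICY and INCOMPATIBLE are
constructed for illustration and are not the tool's own tables.
"""
import re
from fnmatch import fnmatchcase
from itertools import combinations, product

# Mirrors the "Copyleft-Aware Policy" above. Patterns are shell-style globs
# matched against SPDX identifiers; current ids end in -only / -or-later,
# so GPL-2.0 needs a trailing * to catch both forms.
POLICY = {
    "allow": ["MIT", "Apache-2.0", "BSD-*", "ISC", "LGPL-*", "MPL-2.0"],
    "warn": ["GPL-2.0*"],
    "block": ["GPL-3.0*", "AGPL-*"],
}

# Higher rank is worse. A license matching no rule is "unknown" and ranks
# above "warn": fail closed until someone reviews it.
RANK = {"allow": 0, "warn": 1, "unknown": 2, "block": 3}

# Illustrative subset of pairs that cannot both govern one combined work
# (the FSF treats Apache-2.0 as incompatible with GPL-2.0-only, for instance).
INCOMPATIBLE = {
    frozenset({"GPL-2.0-only", "Apache-2.0"}),
    frozenset({"GPL-2.0-only", "GPL-3.0-only"}),
    frozenset({"GPL-2.0-only", "AGPL-3.0-only"}),
}

TOKEN = re.compile(r"\(|\)|[^\s()]+")


def classify(license_id, policy=POLICY):
    """Verdict for one license id. 'X WITH exception' is kept as one id, so a
    policy must match the exception form explicitly; most restrictive wins."""
    for verdict in ("block", "warn", "allow"):
        if any(fnmatchcase(license_id, pat) for pat in policy[verdict]):
            return verdict
    return "unknown"


def parse(expression):
    """Parse an SPDX expression into disjunctive normal form: a list of
    alternatives, each a frozenset of ids that apply together."""
    tokens = TOKEN.findall(expression)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError(f"unexpected end of {expression!r}")
        pos += 1
        return tokens[pos - 1]

    def primary():
        tok = take()
        if tok == "(":
            alts = expr()
            if take() != ")":
                raise ValueError(f"missing ')' in {expression!r}")
            return alts
        if peek() == "WITH":           # keep "id WITH exception" as one id
            take()
            tok = f"{tok} WITH {take()}"
        return [frozenset({tok})]

    def and_expr():
        alts = primary()
        while peek() == "AND":         # every operand applies: cross product
            take()
            alts = [a | b for a, b in product(alts, primary())]
        return alts

    def expr():
        alts = and_expr()
        while peek() == "OR":          # a choice: more alternatives
            take()
            alts = alts + and_expr()
        return alts

    result = expr()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in {expression!r}")
    return result


def evaluate(expression, policy=POLICY):
    """Verdict for a whole expression: the best alternative, judged by its
    worst license."""
    worst_per_alt = [
        max((classify(lic, policy) for lic in alt), key=RANK.__getitem__)
        for alt in parse(expression)
    ]
    return min(worst_per_alt, key=RANK.__getitem__)


def combinable(*expressions):
    """Can these licenses coexist in one distribution? Returns the first
    conflict-free choice of licenses, or None if every choice conflicts."""
    combined = " AND ".join(f"({e})" for e in expressions)
    for alt in parse(combined):
        if not any(frozenset(pair) in INCOMPATIBLE for pair in combinations(alt, 2)):
            return alt
    return None


if __name__ == "__main__":
    # Constructed sample components, not real inventory data.
    for name, spdx in [("example-util", "MIT"),
                       ("example-shell", "GPL-3.0-or-later"),
                       ("example-dual", "GPL-2.0-only OR MIT"),
                       ("example-mix", "BSD-3-Clause AND (MIT OR AGPL-3.0-only)")]:
        print(f"{name:14} {spdx:42} -> {evaluate(spdx)}")
    print("Apache-2.0 + dual:", combinable("Apache-2.0", "GPL-2.0-only OR MIT"))
    print("Apache-2.0 + GPL-2.0-only:", combinable("Apache-2.0", "GPL-2.0-only"))
```

In a CI gate, anything other than "allow" should stop the build or open a review ticket: "warn" and "unknown" both mean a human decision is still pending, and "unknown" in particular usually means a dependency declares no license at all, which is not the same as permissive.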
Attribution Generation
Generate required attribution:
- Select your project
- Click Generate Attribution
- Output includes:
- All components used
- License text for each
- Copyright notices
- Source code URLs
Export as:
- NOTICE file
- HTML page
- PDF document
- Markdown
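The following Python is an added example of what the NOTICE output above has to contain and, more usefully, of the checks that should run before it is generated. It is not Open Source Manager's own generator or output format. The component inventory, URLs and abbreviated license texts are constructed placeholders; a real generator embeds the full license text. Each component is assumed to carry a single resolved SPDX identifier, so an unresolved dual-license choice ("A OR B") and a missing copyright notice are reported as gaps instead of being silently written out.

```python
"""Assemble a NOTICE file from an inventory of components and refuse to
produce one while attribution data is missing. Added example, not the
output format of Open Source Manager; all sample data is constructed."""
from collections import defaultdict

# Constructed inventory. Each component should carry one resolved SPDX id;
# the third entry keeps an unresolved dual-license choice to show the check.
COMPONENTS = [
    {"name": "example-util", "version": "1.4.2", "license": "MIT",
     "copyright": "Copyright (c) 2020 Example Util Authors",
     "source": "https://example.com/example-util"},
    {"name": "example-http", "version": "3.0.1", "license": "Apache-2.0",
     "copyright": "Copyright 2019 Example HTTP Contributors",
     "source": "https://example.com/example-http"},
    {"name": "example-dual", "version": "0.9.0", "license": "GPL-2.0-only OR MIT",
     "copyright": "", "source": "https://example.com/example-dual"},
]

# Constructed stand-ins for the full license texts a real generator embeds.
LICENSE_TEXTS = {
    "MIT": "MIT License\n\nPermission is hereby granted, free of charge, ...",
    "Apache-2.0": "Apache License\nVersion 2.0, January 2004\n...",
}


def attribution_gaps(components, license_texts):
    """Everything that would make the NOTICE incomplete or wrong."""
    gaps = []
    for c in components:
        if " OR " in c["license"]:
            gaps.append(f"{c['name']}: dual-licensed ({c['license']}), choose one option first")
        elif c["license"] not in license_texts:
            gaps.append(f"{c['name']}: no license text on file for {c['license']}")
        if not c.get("copyright"):
            gaps.append(f"{c['name']}: missing copyright notice")
    return gaps


def build_notice(project, components, license_texts):
    """Render the NOTICE text: components grouped by license, each license
    text included once. Raises ValueError if any attribution data is missing."""
    gaps = attribution_gaps(components, license_texts)
    if gaps:
        raise ValueError("attribution incomplete:\n  " + "\n  ".join(gaps))
    by_license = defaultdict(list)
    for c in sorted(components, key=lambda c: (c["name"], c["version"])):
        by_license[c["license"]].append(c)
    lines = [f"{project} includes the following third-party components.", ""]
    for lic in sorted(by_license):
        lines.append(f"== {lic} ==")
        for c in by_license[lic]:
            lines.append(f"{c['name']} {c['version']}  ({c['source']})")
            lines.append(f"    {c['copyright']}")
        lines += ["", license_texts[lic], ""]
    return "\n".join(lines)


if __name__ == "__main__":
    try:
        print(build_notice("example-app", COMPONENTS, LICENSE_TEXTS))
    except ValueError as err:
        print(err)
    # Resolve the dual-licensed component to MIT and supply its notice.
    resolved = [dict(c, license="MIT", copyright="Copyright (c) 2021 Example Dual Authors")
                if c["name"] == "example-dual" else c for c in COMPONENTS]
    print(build_notice("example-app", resolved, LICENSE_TEXTS))
```

Failing closed here matters more than the output format: a NOTICE file that omits a component, or lists a dual-licensed package under an option you never actually chose, is itself a compliance defect that the dashboard below will not surface.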
Compliance Dashboard
Monitor license compliance:
- Policies passed/failed
- Violations by severity
- Trend over time
- Projects at risk
Gold Package Licenses
All Gold packages have:
- Clear license declaration
- Permissive or well-understood licenses
- No license conflicts among their dependencies
- Complete attribution information