License compliance policies

License compliance policies are a group of software quality policies used by the Spectra Assure platform to help you improve the overall software package quality.


These policies are used during software package analysis to check your code and inform you if any of the built-in validation rules are violated. Specifically, license compliance policies focus on preventing exposure to legal risk by ensuring proper use of software licenses in a software project, its components and dependencies.

In the Spectra Assure SAFE report, these policy violations can be found in the License Compliance issue category and cause risk in the SAFE Assessment Licenses category.

Release managers and software publishers will benefit the most from the guidance provided by these policies. When Spectra Assure products detect potential licensing issues in a software package, the affected components are highlighted in the SBOM part of the analysis report. Development teams can then apply the remediation advice for each particular policy to resolve detected issues.

Policies in this category

License compliance policies cover the following:

  • Copyleft licensed components and dependencies
  • Restrictive licenses that limit or prohibit use in production, commercial use, software distribution and modification
  • Presence of patent-protected code
  • Licenses blocked by users or marked to raise a warning in Spectra Assure CLI policy configuration files
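As an added illustration, not Spectra Assure's own code, here is a small Python checker that applies the four categories above to a constructed SBOM fragment; the SBOM shape, the policy fields (`block`, `warn`, `flag_copyleft`) and the license sets are assumptions for the example.

```python
# Added example (not Spectra Assure code): classify SBOM component licenses
# against a simple policy modelled on the categories this page lists.
# The SBOM shape and the Policy fields are assumptions for illustration.
from dataclasses import dataclass, field

# Assumed sets of SPDX identifiers; a real policy would carry a fuller list.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-2.1-only"}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}


@dataclass
class Policy:
    block: set = field(default_factory=set)  # licenses that fail the check
    warn: set = field(default_factory=set)   # licenses that only raise a warning
    flag_copyleft: bool = True               # treat copyleft licenses as failures


def evaluate(components, policy):
    """Return (component, license, severity, reason) findings for an SBOM list.

    Order of precedence: user block list, user warn list, copyleft set,
    then anything not recognised as permissive (assumed to need manual review).
    """
    findings = []
    for comp in components:
        name = comp["name"]
        licenses = comp.get("licenses") or []
        if not licenses:  # no provenance data at all: flag for review (assumption)
            findings.append((name, None, "warn", "no license declared"))
            continue
        for lic in licenses:
            if lic in policy.block:
                findings.append((name, lic, "fail", "license blocked by policy"))
            elif lic in policy.warn:
                findings.append((name, lic, "warn", "license marked as warning"))
            elif policy.flag_copyleft and lic in COPYLEFT:
                findings.append((name, lic, "fail", "copyleft license requires source disclosure"))
            elif lic not in PERMISSIVE:
                findings.append((name, lic, "warn", "unrecognised license, review manually"))
    return findings


# Constructed sample SBOM fragment (CycloneDX-like, simplified for the example)
SAMPLE_COMPONENTS = [
    {"name": "requests", "licenses": ["Apache-2.0"]},
    {"name": "readline", "licenses": ["GPL-3.0-only"]},
    {"name": "somelib", "licenses": ["SSPL-1.0"]},
    {"name": "unknown-pkg", "licenses": []},
]
SAMPLE_POLICY = Policy(block={"SSPL-1.0"}, warn={"LGPL-2.1-only"})

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_COMPONENTS, SAMPLE_POLICY):
        print(finding)
```

Running it reports the GPL-licensed and the blocked component as failures and the component with no declared license as a warning, while the Apache-2.0 component passes.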

Security challenges and practices

Software licenses define all conditions and requirements for using, modifying, and distributing the software, and are typically legally binding. The license information is usually included with the software as a textual file.

Generally speaking, software licenses can be permissive or restrictive. Permissive license types (such as MIT, Apache, BSD) usually come with minimal restrictions regarding the modification and distribution of code, which makes them a more popular choice for developers. On the other hand, restrictive (copyleft) licenses like GPL and AGPL require disclosure of the source code at all levels of the software supply chain.

Lack of insight into licenses and other software provenance data puts organizations at risk of legal action and reputation damage. Failure to comply with the requirements of a software license, even if the software is used indirectly, negatively impacts the entire supply chain, including an organization's customers, partners, and integrators.