SQ12408
Detected presence of licenses that require a separate use of patents permission.
| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|---|---|---|---|---|---|
 | fail | high | high | 5 | licenses: fail Reason: patent license considerations |
About the issueโ
Software license is a legal instrument that governs the use and distribution of software source code and its binary representation. Software publishers have the freedom to choose any commonly used or purposefully written license to publish their work under. While some licenses are liberal and allow almost any kind of distribution, with or without code modification, other licenses are more restrictive and impose rules for their inclusion in other software projects. Some software licenses specify that a separate agreement may be required for the use of patents the code may be leveraging. Patents are granted for significant innovations, and their use is typically tied to monetary compensation. When building commercial applications, this may be undesirable. Therefore, the inclusion of any patent-protected code is commonly scrutinized and often prohibited by the organization policy.
How to resolve the issueโ
- Confirm that the software package references a component or a dependency with a restrictive license.
- Consider replacing the software component with an alternative that offers a license compatible with organization policy.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total amount of packages analyzed
- RubyGems: 183K
- Nuget: 644K
- PyPi: 628K
- NPM: 3.72M
Recommended readingโ
- Software patent (External resource - Wikipedia)
- Patents in open source (External resource - Google Open Source Casebook)