GitHub Open Source licensing tool
GitHub, the online home of over 20 million developers, have open-sourced “Licensed” – their own, internal tool for managing Open Source licenses.
What does it do?
This tool is aimed at helping developers work towards compliance with the license terms of Open Source dependencies (an external software package used in an application) within their programs.
It finds, caches and checks the license metadata of dependencies and works across multiple languages and package managers across multiple projects. Using a project called “Licensee”, it automates the reading of license files and attempts to determine the license type. This will flag up if the license appears to be:
- Explicit copyright
- An exact match to an existing license
- X% similar to an existing license i.e. 95% similar to the MIT license
Licensed will store the dependency data in a source control repository, which helps make checking this data part of the development workflow. Whenever dependencies change, the license data must be updated which helps things remain compliant.
Typically, the license terms of an Open Source dependency will require that a copy of the license is distributed with future applications that contain it. Licensed helps automate this process and can also be used to create a “Bill of Materials” that enables users to see all the Open Source components used within the application.
Will it help?
A tool like this certainly looks to be useful for organisations trying to get a handle on their Open Source usage and compliance. Something that fits into the development workflow will help flag any issues as soon as possible and, with GitHub being familiar to so many developers around the world, the chances of it being adopted should be quite high.
However, perhaps that is also a flaw. Will the developer style nature of Licensed mean that ITAM departments stay away from it as they don’t understand it? If usage of this tool is left to the developers, there is an element of “who will watch the watchers?” If it can’t be managed centrally alongside existing SAM tools and as part of existing processes, perhaps organisations will be averse to adopting it?
Further Reading
Licensee – https://github.com/benbalter/licensee
Licensed – https://github.com/github/licensed
Licensed Documentation – https://github.com/github/licensed/blob/master/docs/configuration.md
More Licensed info – https://githubengineering.com/improving-your-oss-dependency-workflow-with-licensed/
Can’t find what you’re looking for?
More from ITAM News & Analysis
-
ITAMantics - April 2024
Welcome to the April 2024 edition of ITAMantics, our monthly news podcast where we discuss the biggest ITAM stories from the last month. George is joined this month by AJ Witt and Ryan Stefani. Stories tackled ... -
Broadcom is removing expired VMware licences from its portal - take action now!
Hot on the heels of Broadcom’s announcement of the end of perpetual licences for VMware it has given customers barely a week to download any keys for licenses from its portal with expired support. This is ... -
Who Loses When Broadcom Wins?
News of a new Broadcom deal rarely arrives with great fanfare. The November 2023 VMware acquisition provoked open worry online and in business circles, with many critics wondering whether the former Hewlett-Packard spinoff’s reputation would prove ...