Nearly 80% of code in applications originates from open source projects and is protected under various open source licenses.

Failure to completely fulfill the obligations of every license puts your own IP at risk

Permissive

Permissive licenses, considered low risk, contain minimal requirements or restrictions regarding how software can be modified or redistributed. Examples include the MIT license and the Apache License 2.0. Low risk is not zero obligation: both still require you to preserve the license and copyright notice, and Apache 2.0 additionally requires modified files to carry a notice that you changed them.

 

Semipermissive

Often referred to as limited or weak copyleft licenses, these are considered medium risk: if you modify the covered code, you must release your modifications under the same license, but not your whole application. Examples include the Mozilla Public License and the Eclipse Public License. Note that these obligations are triggered by distributing the modified code, so track whether a given component actually ships in your product.

 

Restrictive

Restrictive (strong copyleft) licenses carry the most legal risk. If you distribute an application containing a component under one of these, you may be legally obligated to release the source code of your entire application under the same license, and the GNU AGPL extends that obligation to applications that users interact with over a network, even when no binary is ever shipped. Examples are the GNU GPL and GNU AGPL. The GNU LGPL is often grouped here as well; its obligations are narrower (they attach to the library and your modifications to it, provided the library is dynamically linked or the user can otherwise relink against a modified copy), but if you cannot meet those conditions, for example a statically linked binary with no way to relink, the combined work is subject to the full copyleft terms.

License terms compared

Allowed: Commercial use, Distribute, Modify, Patent use, Private use
Required: Disclose source, License & copyright notice, Same license, State changes
Forbidden: Liability, Warranty, Trademark use

Licenses compared: GNU AGPLv3, GNU GPLv3, GNU LGPLv3, Mozilla Public License 2.0, Apache License 2.0, MIT License, Boost Software License 1.0, The Unlicense

AI code generation and license risk

AI coding assistants such as GitHub Copilot and ChatGPT are trained on large bodies of public code, much of it open source. They can reproduce or closely paraphrase that code in their suggestions without the license or attribution it came with, which exposes you to IP infringement and license non-compliance risk.

Black Duck® software composition analysis (SCA) includes snippet analysis, which scans source code written by developers or AI coding tools, identifies fragments that match open source code, traces each fragment back to the project it originated from, and provides the applicable license information and compliance guidance.

Automate open source license compliance with Black Duck SCA

Identify open source licenses

For every open source dependency identified, Black Duck SCA surfaces the exact licenses being used. This includes explicitly declared licenses, sublicenses, and embedded licenses. 

Get simplified insights

Requirements and restrictions associated with each license are extracted and provided in a simplified view, along with complete license texts and copyright information.

Get alerts on policy violations and license conflicts

Alerts are issued when license policies are violated, or when conflicts exist between the project license and dependency licenses. 

Create custom policy rules

Custom policy management defines which licenses are allowed, which require review, and which workflows are triggered when a violation occurs.

Automate notices file generation

Notices files, which almost every open source license requires in some form, can be generated automatically or on demand for each project and are available through the user interface and the APIs.
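The policy check, the per-license allow/review/deny rules and the notices file described in the three sections above, shown as an added Python example. This is illustrative code written for this page, not Black Duck's implementation or API: the SBOM is a constructed CycloneDX-style document with fictitious components, the CATEGORY map mirrors the page's permissive / semipermissive / restrictive tiers (LGPL grouped with the restrictive licenses, as on the page), and POLICY, category_of, evaluate, passes_gate and notices_text are names chosen here.

```python
"""Open source license policy gate over an SBOM (added illustration, not Black Duck code).

Assumptions: the SBOM is a constructed CycloneDX-style dict (only the fields used
here are modelled), licenses are SPDX identifiers, and CATEGORY follows the
page's three risk tiers.
"""
from dataclasses import dataclass

# Higher rank = heavier obligations. "unknown" ranks highest so that an
# unrecognised or custom license is never silently waved through.
RANK = {"permissive": 0, "semipermissive": 1, "restrictive": 2, "unknown": 3}

# SPDX id -> risk tier as grouped on this page (LGPL listed with the restrictive
# licenses; POLICY below shows how to relax that case by case).
CATEGORY = {
    "MIT": "permissive", "Apache-2.0": "permissive", "BSD-2-Clause": "permissive",
    "BSL-1.0": "permissive", "Unlicense": "permissive",
    "MPL-2.0": "semipermissive", "EPL-2.0": "semipermissive",
    "LGPL-3.0-only": "restrictive", "GPL-3.0-only": "restrictive",
    "AGPL-3.0-only": "restrictive",
}

# Hypothetical policy for a proprietary application that is distributed.
POLICY = {
    "deny": {"restrictive"},                  # fails the build
    "review": {"semipermissive", "unknown"},  # needs a human decision
    # Per-license override: LGPL is acceptable when the library is dynamically
    # linked (or otherwise replaceable by the user), so route it to review.
    "overrides": {"LGPL-3.0-only": "review"},
}


def category_of(expr: str) -> str:
    """Map a flat SPDX expression to one risk tier.

    'A OR B' lets the consumer choose, so the least restrictive alternative
    applies; 'A AND B' stacks obligations, so the most restrictive applies.
    SPDX gives AND precedence over OR, hence OR is split first. Parenthesised
    expressions are out of scope for this illustration.
    """
    if " OR " in expr:
        return min((category_of(p) for p in expr.split(" OR ")), key=RANK.__getitem__)
    if " AND " in expr:
        return max((category_of(p) for p in expr.split(" AND ")), key=RANK.__getitem__)
    return CATEGORY.get(expr.strip(), "unknown")


def component_license(comp: dict) -> str:
    """Flatten a CycloneDX 'licenses' array into one SPDX expression.
    Several entries are combined with AND (the conservative reading)."""
    parts = []
    for entry in comp.get("licenses", []):
        if "expression" in entry:
            parts.append(entry["expression"])
        elif "license" in entry:
            lic = entry["license"]
            parts.append(lic.get("id") or lic.get("name", "NOASSERTION"))
    return " AND ".join(parts) if parts else "NOASSERTION"


@dataclass
class Finding:
    component: str
    license: str
    category: str
    verdict: str  # "allow" | "review" | "deny"


def evaluate(sbom: dict, policy: dict) -> list:
    """Apply the policy to every component and return one Finding per component."""
    findings = []
    for comp in sbom.get("components", []):
        expr = component_license(comp)
        cat = category_of(expr)
        verdict = "deny" if cat in policy["deny"] else "review" if cat in policy["review"] else "allow"
        verdict = policy.get("overrides", {}).get(expr, verdict)  # explicit per-license decision wins
        findings.append(Finding(f"{comp['name']}@{comp.get('version', '?')}", expr, cat, verdict))
    return findings


def passes_gate(findings: list) -> bool:
    """True when nothing is denied; 'review' items are reported but do not block."""
    return not any(f.verdict == "deny" for f in findings)


def notices_text(sbom: dict) -> str:
    """Build a third-party notices file: name, version, license and copyright
    for every component, i.e. the attribution most licenses require."""
    lines = ["THIRD-PARTY NOTICES", ""]
    for comp in sorted(sbom.get("components", []), key=lambda c: c["name"]):
        lines.append(f"{comp['name']} {comp.get('version', '')}".rstrip())
        lines.append(f"  License: {component_license(comp)}")
        if comp.get("copyright"):
            lines.append(f"  {comp['copyright']}")
        lines.append("")
    return "\n".join(lines)


# Constructed sample SBOM with fictitious components (not real packages).
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "strutil", "version": "2.1.0", "copyright": "Copyright (c) 2019 Example Authors",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "colorize", "version": "1.0.0", "licenses": [{"expression": "MIT OR Apache-2.0"}]},
        {"name": "ringbuf", "version": "0.9.4", "copyright": "Copyright (c) 2020 Example Authors",
         "licenses": [{"license": {"id": "LGPL-3.0-only"}}]},
        {"name": "dbcore", "version": "5.0.1", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"name": "fsutil", "version": "3.2.0", "licenses": [{"license": {"name": "Custom vendor license"}}]},
    ],
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_SBOM, POLICY)
    for f in results:
        print(f"{f.verdict:6} {f.component:16} {f.category:14} {f.license}")
    print("gate:", "PASS" if passes_gate(results) else "FAIL")
    print()
    print(notices_text(SAMPLE_SBOM))
```

Run against the sample, the AGPL component is denied, the LGPL component and the component with a non-SPDX license name land in review, and the dual-licensed component is allowed because the consumer may pick the permissive alternative; the gate fails until the AGPL dependency is replaced or a deliberate override is recorded in the policy.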

On-demand expertise for open source license compliance

Get a comprehensive view into open source license obligations with an open source and third-party software audit. Black Duck® Audits are the industry’s most trusted open source due diligence solution, combining leading SCA capabilities with expert open source auditors to provide a complete and accurate Software Bill of Materials to help you make informed decisions with confidence.

Learn more about open source risk management