This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

License policies

Learn about the predefined finding policy templates for open source license risk management.

Policy templates for open source license detection

Endor Labs provides the following policy templates for detecting open source license usage. See Finding Policies for details on how to create policies from policy templates.

Policy Template Description Severity
Permit only specified software licenses Use this template to define an allowed list of software licenses permitted within your organization or a subset of projects. Endor Labs will raise findings when dependencies in packages or projects have licenses that are not on the allowed list. Medium
Restricted software licenses Use this template to define a blocked list of software licenses that should be restricted from use or only used within specific contexts within your organization. Endor Labs will raise findings when dependencies in packages or projects have licenses that are on the blocked list. Medium
Restricted software license types Use this template to create an organizational policy to restrict certain license types or limit a license type to specific contexts within an organization. This is useful to identify license risks and violations in 3rd party open source packages. The license type classification in this policy follows the industry best practice rules defined by Google license types. If no license types are specified using the input parameter, only “restricted” and “FORBIDDEN” license types are flagged. Medium