As well as monitoring your vulnerability status, Snyk can help you with license compliance if you are on any paid plan (Standard, Pro or Enterprise) by reporting on the licenses used by your dependencies. License data is inferred from each package's manifest file, as pulled from the central package registry, and is then normalised against the SPDX license list. Note that this is the license the publisher declares in the manifest, not the text of any license files shipped inside the package.
Snyk lets you create a custom license policy for each of your organisations. If the license feature is enabled on your organisation, you can access the policy in your organisation's settings area.
For each license type, you can choose whether it should trigger a violation and which severity to assign to it.
When Snyk detects a license violation, it displays it in your project view and in the output of the snyk test CLI command, in the same way as a security vulnerability.
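To make the flow above concrete, here is an added example, written for this page and not Snyk's own code, of a minimal license-policy check: it reads the declared license from constructed package.json-style manifests, normalises it against a small hypothetical subset of SPDX identifiers, evaluates SPDX "AND"/"OR" expressions (dual licensing picks the least restrictive alternative, combined licensing the most), applies a per-organisation policy mapping license types to severities, and emits violations shaped like vulnerability findings. The SPDX subset, alias table, policy and manifests are all assumptions constructed for the example.

```python
"""Added example (not Snyk's code): declared-license policy check over package manifests."""
import re

# Hypothetical subset of the SPDX license list; the real list is far longer.
SPDX_IDS = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC", "MPL-2.0",
            "GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-2.1-only"}

# Non-SPDX spellings commonly found in manifests, mapped to SPDX identifiers (assumed table).
ALIASES = {"GPL-2.0": "GPL-2.0-only", "GPL-3.0": "GPL-3.0-only", "AGPL-3.0": "AGPL-3.0-only",
           "LGPL-2.1": "LGPL-2.1-only", "Apache 2.0": "Apache-2.0", "BSD": "BSD-3-Clause"}

# Hypothetical organisation policy: license -> severity. Licenses not listed are allowed.
POLICY = {"AGPL-3.0-only": "high", "GPL-3.0-only": "high",
          "GPL-2.0-only": "medium", "LGPL-2.1-only": "low"}
UNKNOWN_SEVERITY = "medium"            # missing or unrecognisable license: flag for review
SEVERITIES = [None, "low", "medium", "high"]   # ascending; None means "no violation"


def normalize(raw):
    """Map a single declared license string to an SPDX identifier, or None if unknown."""
    s = ALIASES.get(raw.strip(), raw.strip())
    return next((spdx for spdx in SPDX_IDS if spdx.lower() == s.lower()), None)


def _tokenize(expr):
    return re.findall(r"\(|\)|[^\s()]+", expr)


def _parse_or(tokens, pos):
    sev, pos = _parse_and(tokens, pos)
    while pos < len(tokens) and tokens[pos].upper() == "OR":
        rhs, pos = _parse_and(tokens, pos + 1)
        sev = min(sev, rhs, key=SEVERITIES.index)   # dual-licensed: consumer picks the lenient one
    return sev, pos


def _parse_and(tokens, pos):
    sev, pos = _parse_atom(tokens, pos)
    while pos < len(tokens) and tokens[pos].upper() == "AND":
        rhs, pos = _parse_atom(tokens, pos + 1)
        sev = max(sev, rhs, key=SEVERITIES.index)   # every term applies: the worst one wins
    return sev, pos


def _parse_atom(tokens, pos):
    if pos >= len(tokens):
        return UNKNOWN_SEVERITY, pos
    if tokens[pos] == "(":
        sev, pos = _parse_or(tokens, pos + 1)
        if pos < len(tokens) and tokens[pos] == ")":
            pos += 1
        return sev, pos
    lic = normalize(tokens[pos])
    pos += 1
    if pos + 1 < len(tokens) and tokens[pos].upper() == "WITH":
        pos += 2   # "WITH <exception>": the base license's severity still applies here
    return (UNKNOWN_SEVERITY if lic is None else POLICY.get(lic)), pos


def evaluate_expression(expr):
    """Severity for a declared SPDX license expression, or None when the policy allows it."""
    tokens = _tokenize(expr)
    if not any(t.upper() in ("AND", "OR", "WITH", "(", ")") for t in tokens):
        tokens = [expr.strip()]   # single license, possibly containing spaces ("Apache 2.0")
    sev, pos = _parse_or(tokens, 0)
    return sev if pos == len(tokens) else UNKNOWN_SEVERITY   # unparsed remainder: review it


def check_manifest(manifest):
    """Return a violation shaped like a vulnerability finding, or None if allowed."""
    raw = manifest.get("license")
    if isinstance(raw, dict):            # legacy package.json form: {"type": "MIT", "url": ...}
        raw = raw.get("type", "")
    expr = raw if isinstance(raw, str) else ""
    sev = evaluate_expression(expr) if expr else UNKNOWN_SEVERITY
    if sev is None:
        return None
    return {"package": f"{manifest['name']}@{manifest['version']}",
            "license": expr or "<missing>", "severity": sev,
            "title": f"{expr or 'Unknown'} license"}


def scan(manifests):
    return [v for v in (check_manifest(m) for m in manifests) if v]


# Constructed manifests for the example; these are not real packages.
SAMPLE_MANIFESTS = [
    {"name": "left-padder", "version": "1.0.0", "license": "MIT"},
    {"name": "dual-lib", "version": "2.3.1", "license": "(MIT OR GPL-3.0-only)"},
    {"name": "copyleft-core", "version": "0.9.0", "license": "GPL-2.0"},
    {"name": "combo-pkg", "version": "4.0.0", "license": "Apache-2.0 AND AGPL-3.0-only"},
    {"name": "mystery-pkg", "version": "1.2.3", "license": "SEE LICENSE IN LICENSE.txt"},
    {"name": "old-style", "version": "0.1.0", "license": {"type": "BSD", "url": "..."}},
]

if __name__ == "__main__":
    for v in scan(SAMPLE_MANIFESTS):
        print(f"{v['severity']:<7} {v['package']:<22} {v['title']}")
```

Two design points worth noting: an OR expression is judged by its most permissive alternative, because the consumer may choose either license, whereas an AND expression is judged by its most restrictive term; and anything the policy cannot map to a known identifier (a missing field, a "SEE LICENSE IN" pointer, an unparsable expression) is reported at a fixed review severity rather than silently passed, since a missing license is a compliance gap, not an approval.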