Apache License 2.0 Explained

0 分で読めます

What is the Apache License?

The Apache software license gives users permission to reuse code for nearly any purpose, including using the code as part of proprietary software. As with other open source licenses, the Apache license governs how end-users can utilize the software in their own projects. This license is a widely-used open source license, and like other permissive licenses, it continues to grow in popularity because it encourages the use of open source software within proprietary projects.


Apache License permissions and restrictions (T&C’s)

Under the Apache license, users are permitted to modify, distribute, and sublicense the original open source code. Commercial use, warranties, and patent claims are also allowed with the Apache license. The terms and conditions under the license don’t place any restrictions on the code, but end users cannot hold the open source contributors liable for any reason.

When using the Apache license, developers must include the original copyright notice, a copy of the license text itself, and in some cases, a copy of the notice file with attribution notes and a disclosure of any significant changes made to the original code. Disclosing major code changes is a key differentiator between the Apache license and other permissive open source software licensing restrictions.

The history of the Apache license 2.0

In 1995, the original Apache license was an open source software license released by the Apache Software Foundation (ASF), formerly known as the Apache Group. The ASF created the open source Apache license to encourage the use of open source components in all types of applications.

The first version of the Apache license is rarely used in open source software components today. That’s because the Apache license version 2.0 was created in 2004 when the ASF decided to depart from the BSD license model. This newer version clarified some of the concepts within the license text, granted patent rights to users, and removed an advertising clause related to Apache attribution. Ultimately, this gives end users more freedom to use the open source code for commercial purposes.

What class of license is Apache 2.0?

The Apache 2.0 license is a permissive license, meaning there are few restrictions on the use of the code. This differs from a copyleft license, which requires the user to distribute their code under the same software license. The Apache license allows end users to modify parts of the original code under any license as long as it contains the appropriate documentation that Apache requires within the redistributed code. Check out our guide to the different types of software licenses you should know about.

When should you use the Apache license?

Open source developers should select the Apache license to quickly get their project out to market and in the hands of larger software companies that want to use open source components in commercial applications. Because the license doesn’t require companies to disclose their code modifications and it grants them patent rights, it’s ideal for distributing open source software that enterprises may be interested in using. The Apache name alone can give potential users confidence in the open source software because the foundation has been prominent in the industry for decades.

Apache license vs. MIT license

The Apache license and MIT license are broadly similar, but there are some key differences. For one, the Apache 2.0 license text is much more thorough and contains more legal terminology than the MIT license. The MIT license aims to be the most simple and straightforward open source license for developers to distribute their software under.

Another key difference is that the Apache license requires developers to disclose any major changes they make to the original source code. The modified source code does not need to be revealed, but a notice of the modification is required. However, any unmodified code must retain the Apache license.

Unlike the MIT license, open source software under the Apache license that has been modified is permitted to be patented by the end user as well. These patent rights are global, perpetual, irrevocable, and non-exclusive as long as the modified version does not suggest that it’s endorsed by Apache in any way. The language of the Apache license makes the explicit grant of patent rights clear, but the patent rights are more ambiguous in the MIT license.

Apache license vs. AGPL

The GNU Affero General Public License (AGPL) license is a version of the GPLv3 created by the Free Software Foundation (FSF) that aims to enforce full copyleft rights on all software that use it. This is in direct contrast to the permissive approach with Apache and MIT licenses that promote the modification and redistribution of open source software for any use, including proprietary purposes.

The major difference between AGPL and other copyleft licenses is that it closes a loophole so that developers must use the AGPL license even for software that isn’t explicitly distributed (i.e. only deployed on a backend server). This makes the AGPL one of the most restrictive open source licenses available.

wordpress-sync/copyleft-vs-permissive-licenses
Copyleft vs Permissive licenses comparison

Open source license management with Snyk

Given that most development teams now use open source software (OSS), it’s critical that they’re tracking their OSS licenses and policies effectively. For example, development teams need to include the appropriate documentation for the Apache license in any of their software projects that leverage open source components distributed under the license. This can be challenging to manage across dozens of software projects that use hundreds of open source dependencies.

Snyk Open Source can help development teams keep track of their open source licenses across projects regardless of which licenses are in use. With automated policy enforcement and granular management, Snyk can help reduce the risk of open source license violations.

wordpress-sync/snyk-license-compliance
A screenshot of Snyk’s license compliance management that shows the severity levels for license issues

Snyk also provides visibility into license expiration dates and renewal requirements, which can be complicated to manage for large organizations. Managing licenses in a streamlined way empowers developers to rapidly build software while remaining compliant with open source policies.

Up Next

Node.js licensing and security considerations

With the Node.js runtime environment becoming more popular, it's important to know about Node.js licensing and security risks for your web applications.

続きを読む

Snyk (スニーク) は、デベロッパーセキュリティプラットフォームです。Snyk は、コードやオープンソースとその依存関係、コンテナや IaC (Infrastructure as a Code) における脆弱性を見つけるだけでなく、優先順位をつけて修正するためのツールです。世界最高峰の脆弱性データベースを基盤に、Snyk の脆弱性に関する専門家としての知見が提供されます。

無料で始める資料請求

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon