Snyk Open Source License Compliance Management
Maintain a rapid development pace while remaining compliant with the open source software licenses in your projects. Available as a part of all paid plans.
“Open source license compliance wasn’t on our radar initially but Snyk changed that and makes it a lot easier for us to effectively manage the different licenses we use across our projects”
Ryan Kimber, Founder and CEO of FormHero
Comply at scale by empowering developers to easily integrate license compliance into their workflows.
Control open source license compliance effectively with automated policy enforcement and granular management.
Gain wide and deep visibility into open source license usage in your projects.
Easily integrate open source license compliance into your development workflows
Identify open source license issues from your very first line of code.
Scan your projects locally or as part of your CI/CD pipelines using a friendly CLI.
Automatically scan pull requests for license violations as part of development workflows.
Native Git scanning
Scan your repositories to get an overview of your compliance status.
Ensure your deployed application does not include any open source license violations.
Govern compliance effectively with automated policy enforcement
Create, customize and manage license policies across the different teams in your organization.
Automated compliance gating
Automate license scanning for pull requests or as part of your CI/CD pipelines to keep noncompliant code out of your builds.
Provide developers with actionable instructions for each license type.
Monitor the state of all the license issues in one place and export reports to share with other stakeholders.
Notifications & alerts
Get alerts for violations via Slack, Jira and email for easier tracking and monitoring.
Gain end-to-end visibility into open source license usage
Integrations across the SDLC
Verify license compliance in each step of the software development lifecycle.
Dependency tree view
Accelerate triaging with a full dependency path that lets you understand the path through which a license issue was introduced.
License data is collected from various registries and compared against SPDX's license standards. Supported ecosystems include: npm (JavaScript), Maven (Java), .NET (NuGet), PyPI (Python), RubyGems (Ruby) and CocoaPods (Swift and Objective-C).
Generate an automated report including the type of license available for each package your organization is using.
Generate a report of the copyright information that carries a sharing requirement for each package your organization is using.