Ensure open source license compliance

Set automatic policies upfront to make sure you’re always compliant with the open source licenses your organization uses.

Open source compliance — a challenge for enterprises

While open source code packages help developers work more efficiently, mitigating license compliance risks is difficult when your code relies on hundreds, or thousands of them.

  • Each open source license comes with its own terms and conditions – making it difficult to manage when multiple licenses are used in a single project or across different projects.
  • Open source projects evolve rapidly, and so does their licensing information, and if dependencies are not updated in time, staying on top of all the changes is nearly impossible.
  • While there are popular open source licenses like Apache, MIT, and BSD, there’s no hard and fast rule for standardization, making it difficult to meet compliance.

How Learning Pool ensures license compliance

Learning Pool wanted to ensure their open source licenses were compliant as they approached another funding round. But checking manually was taking too much time. Here’s what they did next.

“What’s so good about Mend is that it has a very open API that allows us to integrate it into our CI/CD workflow and get results really quickly and automatically. You simply press a button and within a couple of minutes you get results.”

– Mark Lynch, Chief Product Officer

Video preview
WTW has developed a successful partnership with Mend.io.
Stay on top of open source license compliance risks

Mend SCA identifies your open source dependencies and maps them to our license database to determine the risk level of each. At the same time, Mend SCA lets you set and enforce licensing policies to prevent compliance issues before they happen.

Map all open source dependencies

Mend SCA quickly identifies all your open source dependencies and maps them to one of over 2,700 licenses tracked in our database, giving you a robust picture of all dependencies.

Supported with rich context

As Mend SCA compiles your open source dependencies, it automatically provides you with rich context about each, including source code, attributions, and documentation.

Risk-based prioritization

Dependencies are then ranked by their level of risk, based on an advanced reachability analysis that determines if the open source code reaches functions in direct and transitive dependencies.

Set and enforce licensing policies

Mend SCA lets you whitelist or blacklist open source licenses to establish ground rules for compliance upfront – making it easy for developers to take them into account.

Research Report – ESG Report: Optimizing
Application Security Effectiveness

Additional resources

Top Open Source Licenses Explained

An overview of the most popular open source licenses, including GPL, Apache, MIT, and Ms-PL.

The Complete Guide for Open Source Licenses 2024

See the key facts you should know for working compliantly with open source components.

Tips and Tools for Open Source Compliance

Learn more about keeping track of open source licenses and the tools that can help.

End-to-end open source risk management