What is the Apache license? In short, the Apache 2 license (formally Apache License, Version 2.0, and often searched as "what is Apache license 2.0") is a permissive open source license that lets you use, modify, and redistribute the licensed code — including in closed-source commercial products — as long as you preserve the original copyright notice, include a copy of the license, and clearly document any changes you made to the original files.
What does Apache 2.0 license commercial use actually allow?
Apache 2.0 license commercial use is explicitly permitted with no requirement to open-source your own code, no royalty obligation, and no requirement to disclose that you're using it beyond the attribution notice — this is what makes it "permissive" rather than "copyleft." A company can take an Apache-2.0-licensed library, embed it in a proprietary SaaS product, and never publish a line of their own source code, provided they keep the original NOTICE and LICENSE files intact and note where they modified the original code. This is a materially different obligation than a copyleft license like the GPL, which can require derivative works to be released under the same license terms.
What makes the patent grant in Apache 2 different from MIT or BSD?
The Apache 2 license includes an explicit, irrevocable patent grant from every contributor, covering any patents they hold that are necessarily infringed by their contribution — and critically, that grant terminates automatically if you sue the licensor or another user over patent infringement related to the software. This clause doesn't exist in the MIT or BSD licenses, which are silent on patents entirely, leaving open a theoretical risk that a contributor could grant code under a permissive copyright license while still holding a patent that reads on that same code. For any project where patent exposure is a real concern — which is most enterprise software today — that explicit grant is the practical reason legal teams often prefer Apache 2.0 over otherwise-similar permissive licenses.
What are the actual compliance obligations when using Apache 2.0 code?
Four requirements cover nearly all of it: include a copy of the Apache License 2.0 text with any distribution, retain all copyright, patent, trademark, and attribution notices from the source, state any changes you made to the files if you modified them, and include a readable copy of the project's NOTICE file if one exists in the original distribution. There's no requirement to make your own modifications public, no requirement to use the same license for your own code, and no viral inheritance of the license onto unrelated parts of a larger codebase — it applies only to the Apache-licensed component itself.
How does Apache 2.0 compare to other common license types of licenses?
Among the different types of licenses in common use, Apache 2.0 sits alongside MIT and BSD as permissive, but is more detailed and better suited to larger, contributor-heavy projects because of its explicit patent language and its more formal handling of contributions and trademarks. MIT is shorter and simpler but silent on patents; BSD variants are similarly minimal; copyleft licenses like GPL and its variants require derivative works to remain open under compatible terms, which is a fundamentally different obligation model than anything in the Apache 2 or MIT family.
Why does license type matter for SCA and dependency scanning?
Every dependency your project pulls in carries its own license, and mixing incompatible license types — say, GPL-licensed code inside a proprietary commercial product without understanding the obligations that creates — is a real legal exposure, not just a theoretical one. This is why software composition analysis tooling flags license type alongside vulnerability findings: a dependency tree with dozens of transitive packages can easily include a copyleft license buried three levels deep that nobody explicitly chose, and catching that during a scan is considerably cheaper than catching it during a legal review before an acquisition or enterprise sales deal.
FAQ
Can I use Apache 2.0 licensed code in a closed-source product?
Yes. Apache 2.0 license commercial use explicitly permits closed-source, proprietary use, provided you retain the required notices and license text and document any modifications you made to the licensed files.
Does Apache 2.0 require me to share my modifications?
No. Unlike copyleft licenses, Apache 2.0 only requires you to note that you made changes, not to publish the changes themselves or release your own code under the same license.
What happens to the patent grant if I sue over patent infringement?
The Apache 2.0 patent grant terminates automatically for anyone who initiates patent litigation against a contributor or user alleging the licensed software infringes a patent, which is a defensive termination clause built into the license itself.
What is Apache 2.0 license, explained simply?
The Apache 2.0 license, explained in one line: it's a permissive license — meaning there's no requirement to open-source your own code — plus an explicit patent grant from contributors. Whether you search for "what is an Apache license" or "license Apache 2.0," the answer is the same document described above.
Is Apache 2.0 compatible with GPLv3?
Yes, Apache License 2.0 is generally considered one-way compatible with GPLv3 — Apache-licensed code can be incorporated into a GPLv3 project — though the reverse is not true, and compatibility with GPLv2 is more limited.