Safeguard
Tag

license-compliance

Safeguard articles tagged "license-compliance" — guides, analysis, and best practices for software supply chain and application security.

58 articles

Licensing

What Is a Copyleft License?

Copyleft licenses grant broad rights on one condition: derivative works must stay under the same terms. Here is how strong and weak copyleft differ, and what actually triggers the obligation.

Aug 7, 20245 min read
Licensing

GNU GPL v3.0 Obligations, in Plain English

The GNU General Public License v3.0 explained without the legal phrasing: what you must do when you distribute software that includes GPL-3.0 code, and what triggers those obligations.

Aug 6, 20245 min read
Licensing

Software License Types: The Complete Guide

Permissive, copyleft, proprietary, and public domain: how the main software license types differ, what each one obligates you to do, and how to pick one for your project.

Jun 20, 20246 min read
Licensing

The GNU Affero General Public License (AGPL), Explained

The GNU Affero General Public License closes the SaaS loophole in the GPL — if your service runs modified AGPL code over a network, you owe the source, even without distributing a binary.

Apr 3, 20246 min read
Tool Reviews

Black Duck SCA: The Enterprise Stalwart of Open Source Security

A review of Synopsys Black Duck for software composition analysis, covering its strengths in license compliance, vulnerability detection, and enterprise governance.

Apr 15, 20235 min read
Tool Reviews

FOSSA Review: Open Source License Compliance at Enterprise Scale

A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.

Dec 8, 20226 min read
Open Source Security

OSS Review Toolkit (ORT): Automating License Compliance at Scale

The OSS Review Toolkit handles license scanning, vulnerability detection, and compliance policy enforcement. Here's how to put it to work.

Sep 28, 20226 min read
SBOM

SPDX Specification: A Practical Guide for Security Teams

SPDX is the ISO-standardized SBOM format. Here's how to use it effectively for security, not just license compliance.

Sep 15, 20226 min read
Governance

Open Source Governance: Building an Enterprise Framework

Ad-hoc open source usage creates legal, security, and operational risk. This guide walks through building a governance framework that enables developers while managing risk.

Jun 28, 20227 min read
Compliance & Regulations

Open Source License Compliance: A Practical Guide for 2022

License compliance is not just a legal checkbox — it is a business risk. Misunderstanding copyleft obligations or violating attribution requirements can result in lawsuits, forced code disclosure, or product recalls.

Feb 10, 20225 min read
license-compliance (Page 5) — Safeguard Blog