license-compliance
Safeguard articles tagged "license-compliance" — guides, analysis, and best practices for software supply chain and application security.
58 articles
What Is a Copyleft License?
Copyleft licenses grant broad rights on one condition: derivative works must stay under the same terms. Here is how strong and weak copyleft differ, and what actually triggers the obligation.
GNU GPL v3.0 Obligations, in Plain English
The GNU General Public License v3.0 explained without the legal phrasing: what you must do when you distribute software that includes GPL-3.0 code, and what triggers those obligations.
Software License Types: The Complete Guide
Permissive, copyleft, proprietary, and public domain: how the main software license types differ, what each one obligates you to do, and how to pick one for your project.
The GNU Affero General Public License (AGPL), Explained
The GNU Affero General Public License closes the SaaS loophole in the GPL — if your service runs modified AGPL code over a network, you owe the source, even without distributing a binary.
Black Duck SCA: The Enterprise Stalwart of Open Source Security
A review of Synopsys Black Duck for software composition analysis, covering its strengths in license compliance, vulnerability detection, and enterprise governance.
FOSSA Review: Open Source License Compliance at Enterprise Scale
A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.
OSS Review Toolkit (ORT): Automating License Compliance at Scale
The OSS Review Toolkit handles license scanning, vulnerability detection, and compliance policy enforcement. Here's how to put it to work.
SPDX Specification: A Practical Guide for Security Teams
SPDX is the ISO-standardized SBOM format. Here's how to use it effectively for security, not just license compliance.
Open Source Governance: Building an Enterprise Framework
Ad-hoc open source usage creates legal, security, and operational risk. This guide walks through building a governance framework that enables developers while managing risk.
Open Source License Compliance: A Practical Guide for 2022
License compliance is not just a legal checkbox — it is a business risk. Misunderstanding copyleft obligations or violating attribution requirements can result in lawsuits, forced code disclosure, or product recalls.