open-source-compliance
Safeguard articles tagged "open-source-compliance" — guides, analysis, and best practices for software supply chain and application security.
4 articles
The GNU Affero General Public License v3.0, Explained
The GNU Affero General Public License v3.0 extends GPLv3 copyleft to software used over a network. Here is what AGPLv3 requires and how it differs from GPLv3.
Node.js License Compliance: Auditing Your Dependencies
Node.js itself is MIT-licensed, but the real license work is in your node_modules tree. Here is how to audit npm dependency licenses and enforce a compliance policy.
OSS Licenses Explained: Compliance and Risk Management
OSS licenses govern how you can use open-source dependencies, and ignoring them creates real legal and business risk. Here is how the main license types work and how to stay compliant.
Node.js Licensing Explained: The MIT Core and Its Bundled Dependencies
Node.js licensing looks simple until you count the bundled components. Here is what the MIT-licensed runtime actually obligates you to, and where the real compliance work hides.