How do you ensure the license policy of your company in your projects? You don’t? VersionEye is here to help you.
We just released a new feature, the “License Whitelists“. The idea behind this feature is that you put Licenses on a Whitelist and VersionEye notifies you as soon there is a software component in your project which violates your Whitelist.
Just navigate to one of your projects on VersionEye, to the License Tab. Above the License table you will notice a new list. Here you can assign a License Whitelist to your project.
By default there is no License Check and if you see this the first time you have anyway no License Whitelist. You can click the “Manage Whitelists” button to create a new License Whitelist for your account.
You can create as many License Whitelists as you want. By clicking on a License Whitelist you can add/remove Licenses to it.
The autocomplete function suggests you Licenses out of the over 300 SPDX Licenses. If you are done with creating your License Whitelist, navigate back to your project, to the License Tab and select the Whitelist which you would like to enforce in your project. After clicking the save button, the page will reload and you will see something like this.
Software components whose Licenses are on the selected License Whitelist are marked green. Components whose Licenses are not on the License Whitelist are marked red.
Now VersionEye sends you email notifications about License Whitelist violations in your project. By default once a week, but you can even change it to once a day.
This is specially useful if you work in a team. Software Developers don’t care so much about Licenses, they care much more about features. They can pull in new software components every day and without a tool you even don’t know if they use a component with a “bad” software license. With VersionEye you get notified about License violations and you can react very quickly. If you choose so, you get email notifications every day. The email would look like this.
If there is no violation of the License Whitelist, you don’t get the email. If you don’t hear anything from VersionEye then everything is good 😉
There are different ways to write a License name. Some developers are writing “Apache 2”, some write “The Apache 2.0” and somebody else might write “The Apache License 2.0”. VersionEye is doing a lot of normalization in the background and recognizes all these different written license names as “Apache License 2.0”. And VersionEye always shows you the normalized name in the Web Interface.