Sweet Dreams with Open Source Licensing
Has your release ever been held up due to open source licensing issues?
Here’s a true story.
In one of my previous jobs, the company I was working at was acquired by an industry monolith. It was a dream come true for this startup. There was cheering, happy smiling faces in the corridor, and much revelry. A short while later, after the dust settled (and hangovers subsided), we were about to do a major release when everything ground to a halt. We were told to stop the machinery until the new corporate legal department got a full report of all the open source licenses we used in our product. Cheering, smiling and revelry became complaining, cursing and frantic activity on many late nights spent analyzing our software and all the components and dependencies we were using. We finally provided our report, and just when we thought things would get better, they got much worse. Legal came back with a list of licenses we weren’t allowed to use.
Needless to say, the release was cancelled, and there were more frantic nights spent modifying our code to replace components that used forbidden licenses with alternative ones.
That ongoing nightmare could have been avoided if we had had Xray at the time.
Xray’s License Report shows you the open source licenses used in all indexed artifacts at the touch of a button. Not only that, using watches you can define banned licenses and get a report showing every component that uses one of them, or an alert as soon as a component using a banned license finds its way into an indexed repository.
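To show what a banned-license watch actually evaluates, here is an added example (not JFrog's code, and not using the Xray API) that runs a banned-license policy over a constructed component inventory with SPDX license identifiers. The component names, versions and the banned set are made-up sample data; the point it adds beyond the text is how dual-licensed ("A OR B") and combined ("A AND B") components and components with no declared license should be treated so that nothing slips through the report silently.

```python
"""Banned-license watch over a dependency inventory (illustrative example).

Not JFrog's code and not the Xray API: a stand-alone demonstration of the
check a license watch performs. All components and the policy are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license_expr: str  # SPDX expression, e.g. "MIT" or "MIT OR GPL-2.0-only"


@dataclass(frozen=True)
class Finding:
    component: Component
    reason: str


# Constructed policy: licenses a (hypothetical) legal team has forbidden.
BANNED_LICENSES: FrozenSet[str] = frozenset(
    {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
)


def _is_undeclared(expr: str) -> bool:
    """A missing license or an SPDX NOASSERTION gives the policy nothing to judge."""
    return not expr.strip() or expr.strip().upper() == "NOASSERTION"


def license_allowed(expr: str, banned: FrozenSet[str] = BANNED_LICENSES) -> bool:
    """Evaluate a simple SPDX expression against the banned set.

    'A OR B' passes if any alternative passes (the consumer may pick it);
    'A AND B' passes only if every part passes. OR is split before AND, which
    matches SPDX precedence (AND binds tighter). Parentheses are not supported.
    Undeclared licenses fail closed so they show up in the report.
    """
    expr = expr.strip()
    if _is_undeclared(expr):
        return False
    if " OR " in expr:
        return any(license_allowed(p, banned) for p in expr.split(" OR "))
    if " AND " in expr:
        return all(license_allowed(p, banned) for p in expr.split(" AND "))
    return expr not in banned


def scan(components: List[Component],
         banned: FrozenSet[str] = BANNED_LICENSES) -> List[Finding]:
    """Return one Finding per component that violates the banned-license policy."""
    findings = []
    for c in components:
        if license_allowed(c.license_expr, banned):
            continue
        if _is_undeclared(c.license_expr):
            reason = "no license declared"
        else:
            reason = f"license expression '{c.license_expr}' matches banned policy"
        findings.append(Finding(c, reason))
    return findings


def report_lines(findings: List[Finding]) -> List[str]:
    """Render findings as the lines an alert or report would carry."""
    return [f"{f.component.name}@{f.component.version}: {f.reason}" for f in findings]


# Constructed sample inventory (names/versions are illustrative only).
SAMPLE_COMPONENTS = [
    Component("web-client", "2.3.1", "Apache-2.0"),
    Component("shell-helper", "1.0.0", "GPL-3.0-only"),
    Component("dual-licensed-lib", "4.2.0", "MIT OR GPL-2.0-only"),
    Component("bundled-tool", "0.9.5", "LGPL-2.1-only AND GPL-2.0-only"),
    Component("mystery-jar", "3.0.0", "NOASSERTION"),
]


if __name__ == "__main__":
    for line in report_lines(scan(SAMPLE_COMPONENTS)):
        print(line)
```

Running the block lists the three components that trip the policy (the GPL-3.0-only one, the AND-combined one, and the one with no declared license), while the dual-licensed component passes because the MIT alternative is acceptable. Failing closed on undeclared licenses is the important design choice: a component that legal cannot classify is exactly the one that stalls a release later.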
Want to sleep well at night? Try JFrog Xray.