License Control and Open Source Governance

Ever been held up because someone suddenly realized that there are a bunch of licensing requirements with which you must comply? Artifactory can help prevent such a scenario. Upon deployment of any binary to your repositories, Artifactory performs a license check on your artifacts and on all ensuing dependencies, and provides immediate feedback on all license requirements. This lets you prepare ahead of time and ensure you comply early in the development cycle, avoiding unnecessary delays at “crunch time” when you want to release. You can define approved and unapproved licenses, manage optional license policies, and export license reports as part of your build’s Bill of Materials.

And with Black Duck’s binary repository integrations plugin, you can implement an automated and repeatable process to manage open source governance while managing all of your binary uploads through Artifactory, including:

  • Detection and approval of new open source components as they enter a code stream
  • Taking inventory and tracking use of open source components
  • Identifying and monitoring known open source vulnerabilities
  • Tracking risk remediation efforts
  • Audit and enforcement of open source security policies and license compliance