Conducting License Research

Conducting License Research

Introduction

In addition to standard license evidence and license details presented by Code Insight, users who require advanced license analysis can use the Research Pane to view additional license information from the compliance library such as license obligations and compatibility data or use the Inventory License view to see a side-by-side comparison of different licenses.

Viewing and Editing a License

To view or edit a license, do the following:

1. Click Research in the Main menu bar.
2. Enter a license name in the Search field, and click the Magnifying Glass.
3. In the search results, click the Plus icon next to the license you want to view or edit.
4. Click Edit. The Edit License page appears:

Edit License Tabbed View.png

5. Click the appropriate tab to view and edit license information:
General Information: Name, URL, Description, Text. The Category field, for example, can be set so that you skip legal review. You can also choose to alter the workflow routing if you decide you wish to skip review levels The Family pull-down allows you to indicate if a license is in a family. The Select Family pull-down menu allows you associate the license with a family and choose what characteristics the license will inherit. Policy field contains relevant policy information.
License Analysis: This is not editable. Instead you can view the ranking of risk level, license requirements, and descriptions associated with the selected license.
License Metadata: The license metadata field definitions and value assignments are supported via API and external scripts. The assigned license metadata value fields are visible and can be searched against in the Web UI. see “Metadata Framework” for more information related to the metadata process and supported entities and datatypes.
License compatibility: On the Metadata tab, at the top, analyses of different license compatibility are provided. These analyses allow you to see which categories of compatibility a license may evoke.
License Obligations: This tab contains the set of license obligations associated with a given license. If a license belongs to the license family and does not have any license obligations, it will inherit the license obligations from the associated license family. License obligations can be defined in the Web UI by clicking on the Plus icon, or they can be bulk loaded by selecting Import from the Administration menu. Only an Application Administrator can bulk-import license obligations.
The following graphic is an example of the information that appears on the Metadata tab:
6. When you finish viewing and editing the information, click Save.

Inventory License Details

When inventory is created in Code Insight to represent the software bill of materials (SBOM), users have the option to view additional license information for the detected license and compare it against similar licenses in the compliance library. Look for the license info icon info_icon.png to access license text associated to the identified component or component-version, as-found license text, license comparison, license analysis (if available), license metadata (including compatibility analysis), license obligations, and license comments.

Advanced license information appears in the following tabs:

  • As-Found License Text
  • Expected License Text
  • License Family
  • License Metadata
  • License Analysis
  • License Obligations
  • License Compatibility

License approval details are available for viewing by clicking on associated License icons.

COMPONENT

ICON

DESCRIPTION

Component Policy Flag icons

 

green flag_2.png

License always allowed.

 

red flag_2.png

License never allowed.

 

yellow flag_2.png

License has unknown policy since it depends on usage.

 

gray flag_2.png

License does not have matching policy.

License Text Comparison

The License text comparison feature allows you to compare the following types of license text associated with a given inventory item:

• License family
• Expected license
• As-found license

To compare license types, do the following:

1. To view an inline comparison of two license texts associated with an inventory item, go to an inventory item.
2. Click the View License Details icon () next to the license name. The License Comparison page appears:

license_comparison.png
3. To compare two different license text types, select the two license text types to compare from the pull-down menus:
• License Text: The license text for the selected license from the Code Insight Compliance Library.
• As-Found License Text: The value of the As-Found License Text group field in Detector that was entered by the auditor.
• License Family: The license text of the license family to which the selected license belongs.
4. Click the Compare button.
NOTE: If a license text type is empty, it isn’t viewable.
Was this article helpful? Yes No
No ratings
Version history
Revision #:
4 of 4
Last update:
‎May 17, 2021 09:10 PM
Updated by:
 
Contributors