Snyk Open Source License Compliance Management

Maintain a rapid development pace while remaining compliant with the open source software licenses in your projects.

“Open source license compliance wasn’t on our radar initially but Snyk changed that and makes it a lot easier for us to effectively manage the different licenses we use across our projects”

Ryan Kimber, Founder and CEO of FormHero

Developer-friendly

Comply at scale by empowering developers to easily integrate license compliance into their workflows.

Flexible governance

Control open source license compliance effectively with automated policy enforcement and granular management.

End-to-end visibility

Gain wide and deep visibility into open source license usage in your projects.

Easily integrate open source license compliance into your development workflows

IDE

Identify open source license issues from your very first line of code.

CLI

Scan your projects locally or as part of your CI/CD pipelines using a friendly CLI.

Pull requests

Automatically scan pull requests for license violations as part of development workflows.

Native Git scanning

Scan your repositories to get an overview of your compliance status.

Deployment

Ensure your deployed application does not include any open source license violations.

Govern compliance effectively with automated policy enforcement

License policies

Create, customize and manage license policies across the different teams in your organization.

Automated compliance gating

Automate license scanning for pull requests or as part of your CI/CD pipelines to keep noncompliant code out of your builds.

Legal instructions

Provide developers with actionable instructions for each license type.

Reporting

Monitor the state of all the license issues in one place and export reports to share with other stakeholders.

Notifications & alerts

Get alerts for violations via Slack, Jira and email for easier tracking and monitoring.

Gain end-to-end visibility into open source license usage

Integrations across the SDLC

Verify license compliance in each step of the software development lifecycle.

Dependency tree view

Accelerate triage with the full dependency path, so you can see exactly how each license issue was introduced.

Language coverage

License data is collected from various package registries and compared against the SPDX license standards. Supported ecosystems include npm (JavaScript), Maven (Java), NuGet (.NET), PyPI (Python), RubyGems (Ruby) and CocoaPods (Swift and Objective-C).

BoM

Generate an automated report including the type of license available for each package your organization is using.

Copyright info

A report listing, for each package your organization is using, the copyright information that carries a sharing requirement.

Recent Blog Posts

Recent blog posts from the Snyk team about best practices, security incidents and securing development.

Cheat Sheet

Quick and handy one-page tips and tricks for dev and sec teams.


Security Resources

Reports, videos, and other helpful content for securing your SDLC.
