License Compliance

GitHub DevSecOps Part 4: How to Ensure License Compliance

25 January 2023·5 mins

DevSecOps GitHub CI/CD DevOps License Compliance Open Source GitHub Actions License Finder

GitHub does not ship a license scanner out of the box, and when we went looking in the marketplace, none of the existing actions did what we needed. So we built our own with a colleague from Microsoft and published it. In Part 4 of our GitHub DevSecOps series, Patrick Steger and I plug that License Finder action into our Spring Boot pipeline, configure which licenses are acceptable, and show how to surface the results inside GitHub.

GitLab DevSecOps Part 4: How to Ensure License Compliance

24 August 2022·5 mins

DevSecOps GitLab CI/CD DevOps License Compliance Open Source License Finder Shift Left

You ship a Java application that depends on Spring Boot, which depends on dozens of other libraries, each with its own license — and most teams cannot tell you what those licenses actually are. In Part 4 of our GitLab DevSecOps series, Patrick Steger and I add license compliance to the pipeline so the question is answered automatically on every commit. The good news: with GitLab Ultimate, this is one template line away.

↑