3rd Party Package Licenses

Summary

Arnica can identify license risks and violations in 3rd party open source packages. By default, Arnica classifies licenses according to Google's open source documentation, but it also allows the licenses to be overridden to fit each customer's needs.

Supported languages

| Language | Files |
|---|---|
| .Net | packages.lock.json, packages.config, .deps.json |
| C, C++ | conan.lock |
| Elixir | mix.lock |
| Go | go.mod |
| Java | pom.xml, gradle.lockfile, build.gradle, build.gradle.kts, libs.versions.toml |
| JavaScript (including JSX, TSX, TypeScript) | package-lock.json, yarn.lock, pnpm-lock.yaml, npm-shrinkwrap.json |
| PHP | composer.lock |
| Python | Pipfile.lock, poetry.lock, requirements.txt |
| Ruby | Gemfile.lock |
| Rust | Cargo.lock |
| Scala | Coming soon: build.sbt |
| Swift | Podfile.lock |

Supported licenses

Classification levels

Arnica supports the following classification levels and defines default risk severity for each classification:

| Classification | Default Risk Severity |
|---|---|
| Forbidden | High |
| Restricted | High |
| Reciprocal | Medium |
| Exception | Medium |
| Notice | None |
| Unencumbered | None |
| Unknown | None |

Licenses by classification levels

By default, licenses are classified by Arnica as follows:

Classification
License

Forbidden

BUSL-1.1, CAL-1.0, CAL-1.0-Combined-Work-Exception, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-3.0-DE, CC-BY-NC-4.0, CC-BY-NC-ND-1.0, CC-BY-NC-ND-2.0, CC-BY-NC-ND-2.5, CC-BY-NC-ND-3.0, CC-BY-NC-ND-3.0-DE, CC-BY-NC-ND-3.0-IGO, CC-BY-NC-ND-4.0, CC-BY-NC-SA-1.0, CC-BY-NC-SA-2.0, CC-BY-NC-SA-2.0-DE, CC-BY-NC-SA-2.0-FR, CC-BY-NC-SA-2.0-UK, CC-BY-NC-SA-2.5, CC-BY-NC-SA-3.0, CC-BY-NC-SA-3.0-DE, CC-BY-NC-SA-3.0-IGO, CC-BY-NC-SA-4.0, Commons Clause, Commons-Clause, CPAL-1.0, CPOL-1.02, EUPL-1.0, EUPL-1.1, EUPL-1.2, Facebook-2-Clause, Facebook-3-Clause, Facebook-Examples, SISSL, SISSL-1.2, Watcom-1.0

Restricted

AAL, Abstyles, AdaCore-doc, Adobe-2006, Adobe-Glyph, ADSL, Afmparse, Aladdin, AMDPLPA, AML, ANTLR-PD, ANTLR-PD-fallback, APAFML, APL-1.0, App-s2p, Arphic-1999, Baekmuk, Bahyph, Barr, BCL, Bitstream-Charter, Bitstream-Vera, BitTorrent-1.0, BitTorrent-1.1, blessing, BlueOak-1.0.0, Borceux, Brian-Gladman-3-Clause, BSD-4.3RENO, BSD-4.3TAHOE, BSD-Advertising-Acknowledgement, BSD-Attribution-HPND-disclaimer, BSD-Source-Code, bzip2-1.0.5, bzip2-1.0.6, Caldera, CATOSL-1.1, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.0-UK, CC-BY-SA-2.1-JP, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-3.0-AT, CC-BY-SA-3.0-DE, CC-BY-SA-4.0, CC-PDDC, CDL-1.0, CDLA-Permissive-1.0, CDLA-Permissive-2.0, CDLA-Sharing-1.0, CECILL-1.0, CECILL-1.1, CECILL-2.0, CECILL-2.1, CECILL-B, CERN-OHL-P-2.0, CERN-OHL-S-2.0, CERN-OHL-W-2.0, CFITSIO, checkmk, ClArtistic, Clips, CMU-Mach, CNRI-Jython, CNRI-Python, CNRI-Python-GPL-Compatible, COIL-1.0, Community-Spec-1.0, Condor-1.1, copyleft-next-0.3.0, copyleft-next-0.3.1, Cornell-Lossless-JPEG, Crossword, CrystalStacker, Cube, C-UDA-1.0, curl, D-FSL-1.0, diffmark, DL-DE-BY-2.0, DOC, Dotseqn, DRL-1.0, DSDP, dvipdfm, eCos-2.0, eGenix, Elastic-2.0, EPICS, ErlPL-1.1, etalab-2.0, Eurosym, FDK-AAC, FreeBSD-DOC, FSFAP, FSFUL, FSFULLR, FSFULLRWD, GD, GFDL-1.1, GFDL-1.1-invariants-only, GFDL-1.1-invariants-or-later, GFDL-1.1-no-invariants-only, GFDL-1.1-no-invariants-or-later, GFDL-1.1-only, GFDL-1.1-or-later, GFDL-1.2, GFDL-1.2-invariants-only, GFDL-1.2-invariants-or-later, GFDL-1.2-no-invariants-only, GFDL-1.2-no-invariants-or-later, GFDL-1.2-only, GFDL-1.2-or-later, GFDL-1.3, GFDL-1.3-invariants-only, GFDL-1.3-invariants-or-later, GFDL-1.3-no-invariants-only, GFDL-1.3-no-invariants-or-later, GFDL-1.3-only, GFDL-1.3-or-later, Giftware, GL2PS, Glide, Glulxe, GLWTPL, gnuplot, GPL-1.0, GPL-1.0+, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0, GPL-2.0+, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, 
GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0+, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, Graphics-Gems, gSOAP-1.3b, HaskellReport, Hippocratic-2.1, HP-1986, HPND-export-US, HPND-Markus-Kuhn, HPND-sell-variant, HPND-sell-variant-MIT-disclaimer, HTMLTIDY, IBM-pibs, ICU, IEC-Code-Components-EULA, IJG, IJG-short, iMatix, Imlib2, Info-ZIP, Intel-ACPI, Interbase-1.0, JasPer-2.0, JPL-image, JPNIC, JSON, Kazlib, Knuth-CTAN, LAL-1.2, LAL-1.3, Leptonica, LGPL-2.0, LGPL-2.0+, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1+, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0, LGPL-3.0+, LGPL-3.0-only, LGPL-3.0-or-later, LGPLLR, libpng-2.0, libselinux-1.0, libtiff, libutil-David-Nugent, Linux-man-pages-copyleft, LOOP, LPPL-1.0, LPPL-1.1, LPPL-1.2, LPPL-1.3a, LPPL-1.3c, LZMA-SDK-9.11-to-9.20, LZMA-SDK-9.22, MakeIndex, Martin-Birgmeier, Minpack, mpich2, mpi-permissive, mplus, MS-LPL, MTLL, MulanPSL-1.0, Mup, NAIST-2003, NBPL-1.0, NCGL-UK-2.0, NetCDF, Net-SNMP, Newsletr, NGPL, NICTA-1.0, NIST-PD, NIST-PD-fallback, NLOD-1.0, NLOD-2.0, NLPL, NOSL, Noweb, NPL-1.0, NPL-1.1, NRL, NTP, NTP-0, Nunit, OCCT-PL, ODbL-1.0, ODC-By-1.0, OFFIS, OFL-1.0, OFL-1.0-no-RFN, OFL-1.0-RFN, OFL-1.1-no-RFN, OFL-1.1-RFN, OGC-1.0, OGDL-Taiwan-1.0, OGL-Canada-2.0, OGL-UK-1.0, OGL-UK-2.0, OGL-UK-3.0, OLDAP-1.1, OLDAP-1.2, OLDAP-1.3, OLDAP-1.4, OLDAP-2.0, OLDAP-2.0.1, OLDAP-2.1, OLDAP-2.2, OLDAP-2.2.1, OLDAP-2.2.2, OLDAP-2.3, OLDAP-2.4, OLDAP-2.5, OLDAP-2.6, OLDAP-2.7, OML, OpenPBS-2.3, OPL-1.0, OPUBL-1.0, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, O-UDA-1.0, Parity-6.0.0, Parity-7.0.0, PDDL-1.0, Plexus, PolyForm-Noncommercial-1.0.0, PolyForm-Small-Business-1.0.0, psfrag, psutils, Python License, Qhull, QPL-1.0, QPL-1.0-INRIA-2004, Rdisc, RHeCos-1.1, RSA-MD, Saxpath, SAX-PD, SCEA, SchemeReport, Sendmail, Sendmail-8.23, SHL-0.5, SHL-0.51, Sleepycat, SMLNJ, SMPPL, SNIA, snprintf, Spencer-86, Spencer-94, Spencer-99, SSH-OpenSSH, 
SSH-short, SSPL-1.0, StandardML-NJ, SugarCRM-1.1.3, SunPro, SWL, Symlinks, TAPR-OHL-1.0, TCL, TCP-wrappers, TMate, TORQUE-1.1, TOSL, TPDL, TPL-1.0, TTWL, TU-Berlin-1.0, TU-Berlin-2.0, UCAR, Vim, VOSTROM, w3m, Wsuipa, wxWindows, Xerox, XFree86-1.1, xinetd, xlock, xpp, XSkat, YPL-1.0, YPL-1.1, Zed, Zimbra-1.3, Zimbra-1.4

Reciprocal

APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CECILL-C, CERN-OHL-1.2, CPL-1.0, CUA-OPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, MPL-2.0-no-copyleft-exception, MS-RL, Ruby

Exception

CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-3.0-DE, CC-BY-ND-4.0, CERN-OHL-1.1, Latex2e, OFL-1.1

Notice

AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, AMPAS, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-2.0, ASL-1.0, Beerware, BSD, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause-Modification, BSD-3-Clause-No-Military-License, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI, BSD-4-Clause, BSD-4-Clause-Shortened, BSD-4-Clause-UC, BSD-Protection, BSL-1.0, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-2.5-AU, CC-BY-3.0, CC-BY-3.0-AT, CC-BY-3.0-DE, CC-BY-3.0-IGO, CC-BY-3.0-NL, CC-BY-3.0-US, CC-BY-4.0, ECL-2.0, EDL-1.0, EFL-1.0, EFL-2.0, FTL, HPND, ImageMagick, ISC, ISC License, Libpng, LIL, Lil-1.0, Linux-OpenIB, LPL-1.0, LPL-1.02, MIT, MIT-0, MIT-advertising, MIT-CMU, MIT-enna, MIT-feh, MIT-Modern-Variant, MITNFA, MIT-open-group, MIT-Wu, MS-PL, NCSA, OLDAP-2.8, OpenSSL, PHP-3.0, PHP-3.01, PIL, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0.1, Python-2.0-complete, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C, W3C-19980720, W3C-20150513, WTFPL, X11, X11-distribute-modifications-variant, Xnet, Zend-2.0, Zlib, zlib-acknowledgement, ZPL-1.1, ZPL-2.0, ZPL-2.1

Unencumbered

OBSD, CC0-1.0, Public Domain, Unlicense

Unknown

AG-Grid, amazon-software-lic-for-amazon-dynamodb-lock-client, amCharts-Free, AppOptics-Java-Agent, Aspose-EULA, ASPSecurityKit-Khosla-Tech, bpmn.io, Chilkat-Software, Conviva, DBAD, Dom4J, ECL-1.0, Entessa, EUDatagrid, Facebook-Platform, Fair, Frameworx-1.0, Froala-Editor, FsUnit, Go, H2-Database-1.0, Highsoft, HSQLDB, Image-Components-SDK, Indiana-University-Extreme-Lab-1.2, Intel, IPA, Jam, JTA, LiLiQ-P-1.1, LiLiQ-R-1.1, LiLiQ-Rplus-1.1, LLVM-exception, Microsoft-.NET-Library, Microsoft-.NET-Library-AspNetComponent-EULA, Microsoft-ASP.NET-Model-View-Controller-4-EULA, Microsoft-AspNet-MVC3-Update-EULA, Microsoft-EULA, Microsoft-Lightswitch-Client-Javascript-Runtime, Microsoft-Visual-Studio-Sharepoint-Emulators, Microsoft-Web-WebView2, MirOS, Motosoto, MulanPSL-2.0, Multics, NASA-1.3, Naumen, Neodynamic, Nokia, No-License, NorthwoodsSoftware-EULA, NPOSL-3.0, OCLC-2.0, OGTSL, Oracle-Technology-Network, OSET-PL-2.1, PayPal-SDK, Protobuf, Resizer-Freedom, RPL-1.1, RPL-1.5, RPSL-1.0, RSCPL, SimPL-2.0, SpecFlow-EULA, SPL-1.0, UCL-1.0, UnboundID-LDAP-SDK-Free, Unspecified-Commercial, VSL-1.0
