Override License Classifications
Arnica can identify license risks and violations in 3rd party open source packages. By default, Arnica classifies licenses according to Google's open source documentation, but it also lets you override license classifications to fit each customer's needs. This page explains how to do it.
The risk severity of each license classification can be modified, and individual licenses can be overridden with a forbidden or allowed classification.
The changes described in the sections below will be reflected the next time a full source code scan is performed (daily on paid plans) or in the next event triggered by the code risk policy, such as a code push or a pull request.
Navigate to the policies page and expand Code Risks and then Licenses.
Change the risk severity of any of the classification levels by clicking on the preferred risk severity chip.
Click on Save at the bottom of the policy section.
Navigate to the policies page and expand Code Risks and then Licenses.
Click on the + next to the license that needs to be explicitly forbidden or approved.
Select the license by browsing through all licenses or searching at the top of the message box.
The selected licenses will appear in the overrides section. Validate the licenses and click on Save at the bottom of the policy section.