Arnica Documentation

Override License Classifications

Last updated 1 year ago

Summary

Arnica can identify license risks and violations in 3rd party open source packages. By default, Arnica classifies licenses according to Google's open source documentation, but the classifications can be overridden to fit each customer's needs. This page explains how to do it.

Licenses policy

License classification risks can be modified, and individual licenses can be overridden with a forbidden or allowed classification.

The changes described in the sections below will be reflected the next time a full source code scan is performed (daily on paid plans) or in the next event triggered by the code risk policy, such as a code push or a pull request.

Modify license classification risk severity

  1. Navigate to the policies page and expand Code Risks and then Licenses.

  2. Change the risk severity of any of the classification levels by clicking on the preferred risk severity chip.

  3. Click on Save at the bottom of the policy section.

Override forbidden & approved licenses

  1. Click on the + next to the license that needs to be explicitly forbidden or approved.

  2. Select the license by browsing through all licenses or searching at the top of the message box.

  3. The selected licenses will appear in the overrides section. Validate the licenses and click on Save at the bottom of the policy section.
