License risk management

Master the art of managing open source licenses with OpenText Core SCA.

Last updated 3 days ago


When working with open source, it is crucial to ensure and maintain open-source compliance, including from a commercial perspective. To help with that, OpenText Core SCA provides a comprehensive overview of all licenses in the repositories you have integrated with it. You can find that information in different areas of the tool.

View all licenses

To view licenses, click the License tab in the left-side menu. Here, you can view the list of all your licenses in alphabetical order. The screen displays the following information:

  • Name - The name of the license.

  • License Risk - The grade of potential compliance risks involved with the specific license, assessed based on the use case chosen for the repository.

  • Dependencies - The number of dependencies affected by the license.

  • License family - The family to which the license belongs.

View all repositories affected by license

To view all repositories affected by a license, follow these steps:

  1. Click the License tab in the left-side menu. Here, you can view a list of all your licenses in alphabetical order.

  2. Click a specific license to view all repositories with that specific license. Here, you can also view the risk associated with the license within all affected repositories, as well as how many dependencies per repository are affected.

  3. After you click a specific repository, the above-mentioned information can also be found in the Licences tab.

License review or override

This feature is only available for Enterprise users.

As a Repository or Company Admin (Enterprise), you can review and manually override the license found by OpenText Core SCA on a dependency level.

To do so:

  1. From a repository page, go to the License tab. Here you can view the list of all licenses detected in the repository.

  2. Click Review. Here, you can find a list of all licenses detected and can override the data.

Depending on your needs, you can:

  • Delete the license by clicking the trashcan icon.

  • Change the detected license by clicking Change license and selecting a new one from the dropdown menu.

  • Add license(s) by clicking the + button for multi-licensing.
