© 2018-2024 | Open Text

Licence families

Understand how OpenText Core SCA defines different open-source license families.

At OpenText Core SCA, we group licenses into different license families, applicable to different use cases. They are shown in one of the columns in the License view and can be used in your customized automation rules. Here’s how we categorize them:

Adaptive

The Adaptive Public License, or APL (APL-1.0), is a weak copyleft license that is adaptable. The project owner may set up license conditions by choosing specific options from a template. Such options include patent rights, limited attribution, and to what extent changes need to be documented.

Non-copyleft

Software with a non-copyleft license is permitted to be included in products that are distributed under another license, including proprietary ones. Common non-copyleft licenses include BSD Licenses such as BSD 2-Clause "Simplified" License (BSD-2-Clause), and MIT License (MIT).

Non-free

A non-free license, or proprietary license, allows the owner to restrict the use, modification, and redistribution of the software.

Permissive

A permissive software license, also known as a BSD-style license, is a "free software" license that, compared to copyleft, has only minimal restrictions on how to use, modify, and redistribute the software. The best-known permissive licenses are the BSD Licenses, the Apache Licenses, such as Apache License 2.0 (Apache-2.0), and the MIT License.

Strong copyleft

In the family of strong copyleft licenses, regulations can be imposed on all derived works, meaning that the original creator of the works has the most rights. Among the best-known strong copyleft licenses are the GNU General Public Licenses, such as GNU General Public License v3.0 only (GPL-3.0-only). Strong copyleft licenses are also applicable to art, music, sports, photography, and video.

Weak copyleft

Weak copyleft licenses are licenses where not all derived works inherit the copyleft license. Instead, it depends on how the work was derived. Weak copyleft licenses are mostly used for software libraries, as they allow linking to other libraries. Known examples are the Mozilla Public License 2.0 (MPL-2.0) and GNU Lesser General Public License v3.0 only (LGPL-3.0-only). The best-known products with weak copyleft are Mozilla and OpenOffice.org.

Public domain

Software placed in the public domain is free from all obligations. That is, there is no copyright, trademark, or patent. The software may be distributed, modified, or sold without any attribution.

Last updated 3 days ago
