# License risks

To grade the potential compliance risks involved with different licenses, we assess them using a grading system. Keep in mind that the color grading represents the estimated amount and complexity of the compliance concerns. This does not mean that some licenses are riskier than others: if you understand all the compliance requirements of a license and are able to fulfill them, then the license is practically risk-free regardless of our grading.

The risk levels are created under the assumption that the installed dependency is not affected by external factors, including, but not limited to, interactions with other dependencies and effects of compilation. We advise you to adjust the risk levels based on your own internal policies, risk tolerance and use case.

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><h4><mark style="color:red;"><strong>RED</strong></mark></h4></td><td><p><strong>High compliance risk, not allowed</strong></p><p>This grading is used for a license that is not allowed for use, e.g. in a company or project context, or for a use-case reason (such as with GPLv3 in consumer electronics), because it will likely cause a breach of the license terms, exposing you to possible legal challenges.</p></td></tr><tr><td><h4><mark style="color:red;"><strong>RED</strong></mark></h4></td><td><p><strong>Unknown license</strong></p><p>This grading applies to licenses where using the code without understanding its conditions may lead to legal risks.</p></td></tr><tr><td><h4><mark style="color:orange;"><strong>ORANGE</strong></mark></h4></td><td><strong>Restricted license</strong> with substantial compliance risks. Such licenses should only be allowed on a case-by-case basis and after getting some legal guidance, as the compliance considerations are generally difficult to fully meet.</td></tr><tr><td><h4><mark style="color:yellow;"><strong>YELLOW</strong></mark></h4></td><td><strong>Approved license</strong>, with sizable compliance considerations. In such licenses the source code must be made publicly available and there are restrictions on combining it with other code under a different license, as with the licenses in the Copyleft license family.</td></tr><tr><td><h4><mark style="color:green;"><strong>GREEN</strong></mark></h4></td><td><strong>Approved license</strong>, with few compliance considerations. In such licenses the copyright and permission notice must be maintained in distributions of code, as with most licenses of the Permissive license family.</td></tr><tr><td><h4><mark style="color:blue;"><strong>BLUE</strong></mark></h4></td><td><strong>Non-OSS / Commercial / Proprietary license</strong></td></tr></tbody></table>

To read more about license families, license risks, use cases, and compliance, see the [blogs](https://docs.debricked.com/opentext-core-sca-blogs/blogs).
