Getting Started with Snyk License Compliance Management
Feature availability Basic license policy configuration on a single default license policy is available with Business plans. Full policy creation and management is available with Enterprise plans. See pricing plans for more details.
Get started with Snyk license compliance management, to check compliance for the open source licenses in your code, as part of your Snyk Open Source solution.
The Snyk Default License Policy defines how Snyk identifies potential license issues in the open source packages your projects are using. The default policy applies to all organizations created within your group.
This process describes using the Snyk UI and a supported source code management system. You can also use an IDE tool or a CI/CD integration, or use the Snyk CLI tool to get started using the command line.


Ensure you have:

Stage 1: Define policies

To take effective action based on license issues, you need to define policies defining these actions, based on license types. Policies provide a way to capture different requirements within an organization, based on factors such as line of business. Work with your legal team to create policies which are specific to your company.
To open your group default license policy, complete the following steps:
  1. 1.
    Select the organization drop down.
  2. 2.
    Select your Group Overview.
  3. 3.
    Select the Policies tab.

Create policy rules

Each policy contains rules, detailing which licenses are acceptable and which are forbidden for use, together with a severity level which indicates how severe the license violation is. For example, severity levels for internal-only license issues may be less severe than for those released externally.
To define your group license policy, complete the following steps:
  1. 1.
    Select Snyk Default License Policy.
  2. 2.
    Enter a Description for the policy, if desired.
  3. 3.
    For each license listed on the right, select the Severity from the drop down list to indicate which license issues you want to identify when running Snyk tests.
  4. 4.
    If you select a severity other than None, and you want to include additional instructions that will show i f that license issue is identified, select the icon to the right of the Severity drop down and enter the text for the license instruction. Select Add or Update.
The additional instructions show in the Snyk Web UI and the CLI when the selected licenses are identified.

Stage 2: View issues

Snyk’s Git-based integrations support license scanning as part of the regular workflow. During scanning, license issues appear as a filterable list in the Issues tab:
This example shows a high-severity issue for a GPL-2.0 license, with accompanying instructions as defined in policies for that license.
You can also view license issues using the Snyk CLI tool, after running snyk test:
View dependencies
Snyk shows license issues in both your direct and transitive dependencies, in a full dependency tree to show what dependency introduced the license issue.
This example includes two high severity license policy violations, caused by:
View lists and copyrights
You can view and share detailed lists of licenses being used, and see a report that lists all the open source components and licenses along with copyright information.

Stage 3: Process issues

You can now take actions to resolve the license issues identified during the scan, to help you build and deploy your application without outstanding licensing issues.
The actions you take depend on the license conditions and on your policies. For example, if a license violation is surfaced, this issue can be mitigated by either approaching your legal team, or by replacing the dependency which added the violation.

For more information