Licenses
Every time you test your code in the Snyk Web UI, the Snyk CLI, or using PR Checks, your repositories are scanned not only for vulnerabilities but also for license compliance. This includes all of your direct and indirect dependencies. Snyk scans your manifest files, and then checks for license issues against Snyk’s known licenses.
To enable customers to get started with license compliance faster, we created an out-of-the-box default policy. The default policy is a baseline that tries to answer the requirements of multiple types of applications (SaaS, distributed, etc.), and may be used as a starting point to calibrate additional license policies. The default policy does not endorse or criticize any license. It assigns the following severities:
- High severity - licenses that definitely present issues for commercial software.
- Medium severity - licenses that have clauses that may be of concern and should be reviewed.
Different customers have different needs and tolerance for different license types. We encourage you to make the needed changes to the default policy, or create new policies, so that they fit your company's specific requirements.
New licenses added by Snyk inherit the severity of the Unknown license type. Unless that severity is set to None, newly added licenses will appear in the license compliance results.
If you notice a license with the wrong license type assigned to it, you can reach out to our support team. We will investigate the request and update the license if needed.
To facilitate the onboarding of your developers, we recommend that your teams check these defaults, update severities, and add instructions per license type based on the policies outlined specifically by your Legal teams.
Once your policy is updated, whenever Snyk detects a license violation it displays the violation for all users in the Organization in the test results (Snyk Web UI, Snyk CLI, or PR Checks), in the same way as a security vulnerability and including the severity and instructions you configured.
For example: [Figure: License card overview]
You can view an inventory of all of your licenses across all your Projects. Snyk also lists packages that have dual licenses and multiple licenses. See View licenses for more information.
Snyk does not support package versions which include a git commit hash.
- npm
- RubyGems
- Maven
- Pip
- Nuget
- Go
- Composer
- Cocoapods
- C/C++