License Compliance
CodeStax analyzes the licenses of your third-party dependencies to help you stay compliant.
License Categories
Permissive Licenses (Safe)
These licenses allow commercial use with minimal restrictions:
- MIT — Most permissive, widely used
- Apache 2.0 — Permissive with patent grant
- BSD 2-Clause / 3-Clause — Minimal restrictions
- ISC — Simplified MIT-style
Copyleft Licenses (Warning)
These require derivative works to use the same license:
- GPL v2 / v3 — Strong copyleft — may require open-sourcing your code
- LGPL — Weak copyleft — linking to the library is allowed without open-sourcing your own code
- AGPL — Network copyleft — triggered by offering the software over a network, such as a web service
Restrictive/Proprietary (Violation)
- SSPL — Server Side Public License
- BSL — Business Source License
- Custom proprietary licenses
Compliance Dashboard
The License tab on the SCA page shows:
| Metric | Description |
|---|---|
| Compliance Score | 0-100 percentage of compliant packages |
| Total Packages | Number of dependencies analyzed |
| Violations | Packages with incompatible licenses |
| Warnings | Packages with copyleft licenses (may be fine depending on usage) |
| Unknown | Packages where license couldn’t be determined |
Best Practices
- Set a license policy — Decide which licenses are acceptable for your project
- Review warnings — Copyleft licenses aren’t always a problem, but review them case by case
- Investigate unknowns — Packages without detectable licenses should be manually reviewed
- Use SCA scans regularly — New dependencies or updates may introduce license changes
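As an added example (not CodeStax code), the following implements the license policy described above and derives the dashboard metrics from it: packages are sorted into safe, warning, violation and unknown using SPDX identifiers, flat `OR`/`AND` license expressions are combined, and the compliance score counts only permissive packages as compliant (an assumption for this example; the category lists and sample manifest are constructed).

```python
from collections import Counter

# Policy assumed for this example (adjust to your own license policy): permissive
# SPDX ids are compliant, copyleft ids need review, restrictive ids are violations.
POLICY = {
    "safe": {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"},
    "warning": {"GPL-2.0-only", "GPL-3.0-only", "LGPL-2.1-only", "LGPL-3.0-only", "AGPL-3.0-only"},
    "violation": {"SSPL-1.0", "BUSL-1.1"},
}
# Ordering used to combine SPDX expressions: OR picks the best, AND the worst.
RANK = {"safe": 0, "warning": 1, "unknown": 2, "violation": 3}

def categorize(expr):
    """Classify a license field (one SPDX id or a flat OR/AND expression)."""
    if not expr or not expr.strip():
        return "unknown"  # no detectable license: manual review needed
    expr = expr.strip().strip("()")
    if " OR " in expr:  # dual-licensed: the consumer may pick the friendliest option
        return min((categorize(p) for p in expr.split(" OR ")), key=RANK.get)
    if " AND " in expr:  # every part applies, so the strictest one governs
        return max((categorize(p) for p in expr.split(" AND ")), key=RANK.get)
    for category, ids in POLICY.items():
        if expr in ids:
            return category
    return "unknown"  # not on any list: flag for manual review

def compliance_report(packages):
    """packages: list of (name, license_expr) pairs -> dashboard-style metrics."""
    categorized = [(name, categorize(lic)) for name, lic in packages]
    counts = Counter(cat for _, cat in categorized)
    total = len(packages)
    # Assumption: only "safe" packages count toward the compliance score.
    score = round(100 * counts["safe"] / total) if total else 100
    return {
        "compliance_score": score,
        "total_packages": total,
        "violations": sorted(n for n, c in categorized if c == "violation"),
        "warnings": sorted(n for n, c in categorized if c == "warning"),
        "unknown": sorted(n for n, c in categorized if c == "unknown"),
    }

# Constructed sample manifest (not real project data).
SAMPLE = [
    ("lodash", "MIT"),
    ("crypto-lib", "(MIT OR GPL-3.0-only)"),
    ("storage-engine", "SSPL-1.0"),
    ("report-gen", "AGPL-3.0-only"),
    ("mystery-pkg", ""),
    ("bundle", "MIT AND LGPL-3.0-only"),
]
```

Running `compliance_report(SAMPLE)` flags the SSPL package as a violation, the AGPL and AND-bundled LGPL packages as warnings, and the package with no license as unknown.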