Set up a licence checking process
Description
A licence checking process uses a tool (commercial or open-source) to automatically analyse the code base and identify the licences and copyrights within it. If executed regularly, this allows IP issues to be caught early.
Assessment
Question: Is there an easy-to-set-up licence checking process available for projects?
Tools
Recommendations
- Inform people about the risks associated with bad licensing.
- Propose an easy solution for projects to set up licence checking on their code base.
- Communicate its importance and help projects add it to their CI systems.
- Consider conducting an internal audit to identify the licences of the company infrastructure.
Resources
- Scancode
- Recommended Open Source Compliance Practices for the Enterprise. A book by Ibrahim Haddad, from the Linux Foundation, about open-source compliance practices for the enterprise.