Hello and Welcome to WhiteSource training.
So you ran your plugin and now you see a long list of libraries with 'unknown' licenses? How come?
You should know that according to GitHub, almost 50% of all open source projects uploaded are not assigned an open source license. This means that in some cases there will simply be no open source license to find. Be aware that without a license, copyright law grants you no permission to use, modify or redistribute the code, so these libraries cannot safely be used in commercial software products.
Whenever you run WhiteSource's plugin, our system reviews all your project's libraries, detects the open source ones and assigns them an open source license. Commercial and in-house developed libraries will appear with an 'unknown' license.
Therefore, in order to resolve the unknowns in your project, let’s do the following:
1. We'll mark all libraries developed by your organization as in-house, which removes them from your dashboard and reports. Note that for now this applies only to binaries, not source files.
2. We'll manually assign a license to third-party commercial components so that their licenses are monitored through WhiteSource.
3. We'll manually assign a license where you know the origin of the library for certain.
4. We'll request a license resolution for the remaining 'unknowns'.
Let's start with marking all of your proprietary libraries as in-house.
There are two ways to set it up: an automated rule, either by name or by maven coordinates, and a manual selection.
Let’s take a look at the following project and go over these two options.
If your organization uses any kind of naming convention to mark its proprietary libraries, you should first set a rule by library name. In this example, I'll mark all libraries whose name starts with the prefix "sensei dash".
Just go to the admin menu and select ‘in house’ from the Settings area.
Then, click ‘add rule’ and write the prefix that your company uses in the By Name textbox. In this example, I’ll add “sensei dash“.
You can also specify the rule according to the Maven coordinates: Artifact ID and Group ID.
Click OK to close the window and then Save and Apply.
You can now see that the rule was added to the 'In-House Rules' panel. You will also see all libraries this rule applies to in the 'In-house libraries matched by rules' panel below. In our example, two matching libraries now appear.
You can now go back to your dashboard and see that these two libraries are not listed anymore.
Now, let’s mark a library as ‘in-house’ by manual selection. Let’s assume we know that “tiger types 1.3.jar” was developed in-house, but doesn’t match any pattern.
In this case, I'll go to the product page, by clicking Details or by clicking Products in the upper menu, and look for the relevant library in the Libraries panel.
Once identified, I'll tick the library box. Then, I’ll go to the action menu and select Mark as ‘in-house’. The library will be removed immediately from your dashboard and reports.
If I go back to the 'in-house' page, by clicking Admin and then 'in-house' in the Settings area, I'll see that the library was added to the 'Manual In-house Libraries' panel.
Remember that you can always unmark a library or edit or delete a rule; libraries will reappear in or disappear from your dashboard and reports accordingly.
Now let's see how to assign a license to commercial libraries. This can be done either on the library page, by clicking the library name and then choosing 'Assign Yourself', or in the same way that we just manually marked libraries as in-house. In the 'Assign License' screen, just select Commercial from the License dropdown and specify the reference, together with any additional comments you wish to add.
Once done, just click OK to save the license and close the window.
If you have identified all your proprietary and commercial libraries but still see some libraries with unknown licenses whose origin you know, you can assign a license yourself. If you know for sure what the license of your library is, just follow the same process you used to assign the commercial tag, select the open source license from the License dropdown and assign it to your library.
If you still see libraries with unknown licenses, we need to make sure these libraries do indeed have an open source license, since we were not able to assign one automatically.
Go to the product page, tick the relevant library box and, under the Action menu, click "Request License Resolution". This will trigger an alert to our licensing team, who will verify the open source license manually and assign it for you.
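As an added example (it is not WhiteSource code and does not call the WhiteSource API), here is a small Python script that applies the same four steps to a constructed inventory offline, so you can see in advance which libraries each in-house rule will hide from reports, which manual assignments would disagree with a detected license, and what will be left for a resolution request. The field names, the hyphenated "sensei-dash" spelling of the prefix, and all library and group names are assumptions made for the example.

```python
"""Offline triage of an SCA inventory that still lists 'unknown' licenses.

Added example, not WhiteSource code: it reproduces the four-step process from
the training (in-house rules, manual in-house marks, manual license
assignment, license-resolution requests) on constructed data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

UNKNOWN = "unknown"  # how the dashboard labels a library with no detected license


@dataclass(frozen=True)
class Library:
    """One inventory entry as the plugin would report it (field names assumed)."""
    name: str
    license: str = UNKNOWN
    group_id: Optional[str] = None
    artifact_id: Optional[str] = None


@dataclass(frozen=True)
class InHouseRule:
    """Automated in-house rule: match by file-name prefix and/or Maven coordinates.

    Every criterion that is set must match. A rule with no criteria matches
    nothing, so an empty rule saved by mistake cannot silently hide the whole
    inventory from the dashboard and reports.
    """
    name_prefix: Optional[str] = None
    group_id: Optional[str] = None
    artifact_id: Optional[str] = None

    def matches(self, lib: Library) -> bool:
        checks: List[bool] = []
        if self.name_prefix is not None:
            checks.append(lib.name.lower().startswith(self.name_prefix.lower()))
        if self.group_id is not None:
            checks.append(lib.group_id == self.group_id)
        if self.artifact_id is not None:
            checks.append(lib.artifact_id == self.artifact_id)
        return bool(checks) and all(checks)


def triage(libraries: Iterable[Library], rules: Iterable[InHouseRule],
           manual_in_house: Set[str],
           manual_licenses: Dict[str, str]) -> Dict[str, List[str]]:
    """Apply the four steps in order and report what lands in each bucket.

    A library that already carries a detected license is left alone; a manual
    assignment that disagrees with the detector is reported as a conflict for
    review instead of being applied silently.
    """
    buckets: Dict[str, List[str]] = {
        "in_house_by_rule": [], "in_house_manual": [], "known": [],
        "assigned": [], "conflict": [], "request_resolution": [],
    }
    rule_list = list(rules)
    for lib in libraries:
        if any(rule.matches(lib) for rule in rule_list):
            buckets["in_house_by_rule"].append(lib.name)        # step 1, automated rule
        elif lib.name in manual_in_house:
            buckets["in_house_manual"].append(lib.name)         # step 1, manual selection
        elif lib.license != UNKNOWN:
            manual = manual_licenses.get(lib.name)
            if manual is not None and manual != lib.license:
                buckets["conflict"].append(
                    f"{lib.name}: detected {lib.license}, manual {manual}")
            else:
                buckets["known"].append(lib.name)
        elif lib.name in manual_licenses:
            buckets["assigned"].append(
                f"{lib.name}: {manual_licenses[lib.name]}")     # steps 2 and 3
        else:
            buckets["request_resolution"].append(lib.name)      # step 4
    return buckets


def example_inventory():
    """Constructed sample data; the names are illustrative, not real artifacts."""
    libraries = [
        Library("sensei-dash-core-1.0.jar"),
        Library("sensei-dash-ui-1.0.jar"),
        Library("tiger-types-1.3.jar"),
        Library("commons-lang3-3.12.0.jar", "Apache 2.0",
                "org.apache.commons", "commons-lang3"),
        Library("platform-metrics-0.9.jar",
                group_id="com.example.platform", artifact_id="platform-metrics"),
        Library("acme-reporting-5.2.jar"),   # third-party commercial component
        Library("jsonlite-tools-2.0.jar"),   # origin known, license looked up by hand
        Library("mystery-utils-0.1.jar"),    # nothing known: needs license resolution
    ]
    rules = [InHouseRule(name_prefix="sensei-dash"),
             InHouseRule(group_id="com.example.platform")]
    manual_in_house = {"tiger-types-1.3.jar"}
    manual_licenses = {"acme-reporting-5.2.jar": "Commercial",
                       "jsonlite-tools-2.0.jar": "MIT"}
    return libraries, rules, manual_in_house, manual_licenses


def run_example() -> Dict[str, List[str]]:
    return triage(*example_inventory())


if __name__ == "__main__":
    for bucket, names in run_example().items():
        print(f"{bucket}: {names}")
```

The `in_house_by_rule` bucket is worth reviewing before saving a rule: everything listed there disappears from the dashboard, so a prefix that is too short would also hide third-party code whose license you still need to track.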
Just like any other feature, you can find the full documentation of these features in our wiki.
Thank you for using WhiteSource.