Online / 6 & 7 February 2021


Automating your license compliance policy with OSS Review Toolkit

In this session we will demonstrate how to write a license policy in OSS Review Toolkit to automatically check the licenses found in a project and its dependencies.

One of the reasons OSS Review Toolkit was started by its creators was a need to go beyond the usual allow/deny license policy in most SCA tools. For instance we wanted to be able to write checks with multiple levels of compliance depending on what was being reviewed or based on package meta data. In this session we will demonstrate how one can write license policy with checks/rules that take into account package metadata date or the code, license and product context.


Photo of Thomas Steenbergen Thomas Steenbergen