And adoption certainly doesn’t look to be slowing down. The AGPL continues to be used be the license of choice for a number of popular projects including SugarCRM, Launchpad, and Diaspora and popular smaller components as well. As a consequence, Synopsys finds AGPL-licensed code showing up in about 10% of the codebases we audited in 2016, and it’s almost always problematic. Overall, 13.5% of codebases contained AGPL-like licensed components. By the way, iText, software to create and manipulate PDF documents, appeared with most frequency. (These numbers come from 1,100 codebases the Black Duck audits group audited in 2016 as described in the 2017 Open Source Security and Risk Analysis.)
With cloud and SaaS being so popular today, if someone wants to keep their software “free” (as in “freedom”) or if a company wants to cover all cases with a dual-licensing strategy, it makes sense that they would pick the AGPL. And while 8,000 projects is not huge in the context of the millions of open source projects out there, the frequency with which they show up in audits suggests they are overall very popular. The AGPL is alive and well.