Synopsys Enters into Definitive Agreement for Sale of Application Security (Software Integrity Group) Learn More

close search bar

Sorry, not available in this language yet

close language selection

Nearly 80% of code in modern applications originates from open source projects and is protected under various open source licenses. Failure to completely fulfill the obligations of every license puts your own IP at risk.

Risk varies across license types

Permissive licenses, considered low risk, contain minimal requirements or restrictions regarding how software can be modified or redistributed. Examples include the MIT license and Apache license. 


Often referred to as limited, weak copyleft, or copyleft, these licenses are considered medium risk because if you modify the code, you must release the modifications, but not your whole application, under the same license. Examples include Mozilla and the Eclipse public licenses.


Restrictive licenses carry a great deal of legal risk. If you use a component with one of these, you might be legally obligated to publicly release your entire application code. Examples are the GNU GPL and GNU LGPL.

Allowed Required Forbidden
Commercial use Distribute Modify Patent use Private use Disclose source License & copyright notice Same license State changes Liability Warranty Trademark use
Mozilla Public License 2.0
Apache License 2.0
MIT License
Boost Software License 1.0
The Unlicense

AI code generation and license risk

AI coding assistants like GitHub Copilot and ChatGPT are trained on open source projects. These tools can provide source code without including license context, leaving you open to IP infringement risk.

Synopsys software composition analysis (SCA) snippet analysis scans source code written by developers or AI coding tools to identify partial bits of open source code, match it back to the project it originated from, and provide license information and compliance guidance.

Automate open source license compliance with Synopsys SCA

Identify open source licenses

For every open source dependency identified, Synopsys SCA surfaces the exact licenses being used. This includes explicitly declared licenses, sublicenses, and embedded licenses. 

open source license dependency details
open source license requirement restrictions

Get simplified insights

Requirements and restrictions associated with each license are extracted and provided in a simplified view, along with complete license texts and copyright information.

Get alerts on policy violations and license conflicts

Alerts are issued when license policies are violated, or when conflicts exist between the project license and dependency licenses. 

Component license risk
policy management

Create custom policy rules

Custom policy management defines which licenses are allowed and which workflows should be triggered should a violation occur.

Automate notices file generation

Notices files, which are required of almost every open source license, are automatically or manually generated for projects and consumable via user interfaces and APIs.

file notices report

On-demand expertise for open source license compliance

Get a comprehensive view into open source license obligations with an open source and third-party software audit. Black Duck® audits are the industry’s most trusted open source due diligence solution, combining leading SCA capabilities with expert open source auditors to provide a complete and accurate Software Bill of Materials to help you make informed decisions with confidence.

Learn more about open source risk management