- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#enable-license-compliance).
@@ -14,17 +14,9 @@ project's dependencies for their licenses. You can then decide whether to allow
each license. For example, if your application uses an external (open source) library whose license
is incompatible with yours, then you can deny the use of that license.
You can take advantage of License Compliance by either:
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. The License Compliance job is not dependent on any other job in
provided by [Auto DevOps](../../../topics/autodevops/index.md).
The current major version of the License Scanning analyzer is 3.
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
GitLab checks the License Compliance report, compares the
licenses between the source and target branches, and shows the information right on the merge
...
...
@@ -41,6 +33,14 @@ is displayed in the merge request area. That is the case when you add the
Consecutive merge requests have something to compare to and the license
(provided by [Auto DevOps](../../../topics/autodevops/index.md)).
- Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
## Configuration
### Include the License Scanning template
For GitLab 12.8 and later, to enable License Compliance, you must
[include](../../../ci/yaml/index.md#includetemplate) the
For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template.
Prerequisites:
-[GitLab Runner](../../../ci/runners/index.md) available, with the
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html). If you're using the
shared runners on GitLab.com, this is enabled by default.
- License Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the
`.gitlab-ci.yml` file, the `test` stage is required.
Add the following to your `.gitlab-ci.yml` file:
To [include](../../../ci/yaml/index.md#includetemplate) the
[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file:
```yaml
include:
...
...
@@ -123,26 +122,6 @@ include:
The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
dependencies to find their licenses.
NOTE:
Before GitLab 12.8, the `license_scanning` job was named `license_management`. GitLab 13.0 removes
the `license_management` job, so you must migrate to the `license_scanning` job and use the new
is used to detect the languages/frameworks and in turn analyzes the licenses.
The License Compliance settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
[`variables`](../../../ci/yaml/index.md#variables) parameter in `.gitlab-ci.yml`.
### When License Compliance runs
When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't
wait for other stages to complete.
### Available CI/CD variables
License Compliance can be configured using CI/CD variables.
...
...
@@ -653,7 +632,7 @@ successfully run. For more information, see [Offline environments](../../applica
To use License Compliance in an offline environment, you need:
-GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
-To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template).
- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
NOTE:
...
...
@@ -731,7 +710,7 @@ details about them.
For the licenses to appear under the license list, the following
requirements must be met:
1. The License Compliance CI job must be [configured](#configuration) for your project.
1. The License Compliance CI/CD job must be [enabled](#enable-license-compliance) for your project.
1. Your project must use at least one of the
[supported languages and package managers](#supported-languages-and-package-managers).