License Management [ULTIMATE]
If you are using GitLab CI/CD, you can search your project dependencies for their licenses using License Management.
In addition, you can manually approve or blacklist licenses in the project's settings.
Going a step further, GitLab can show the licenses list right in the merge request widget area, highlighting the presence of licenses you don't want to use, or new ones that need a decision.
It helps you find what licenses your project uses in its dependencies, and decide for each of them whether to allow it or forbid it. For example, your application may be using an external (open source) library whose license is incompatible with yours.
Supported languages and package managers
The following languages and package managers are supported.
| Language | Package managers |
|----------|------------------|
| Go | Godep, go get |
How it works
First of all, you need to define a job in your .gitlab-ci.yml file that generates the License Management report artifact.
For more information on what the License Management job should look like, check the example on Dependencies license management with GitLab CI/CD.
GitLab then checks this report, compares the licenses between the source and target branches, and shows the information right on the merge request.
Blacklisted licenses will be clearly visible with a red x icon next to them, as will new licenses which need a decision from you.
If the license management report doesn't have anything to compare to, no information will be displayed in the merge request area. That is the case when you add the license_management job in your .gitlab-ci.yml for the first time.
Subsequent merge requests will have something to compare to and the license management report will be shown properly.
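The comparison described above, sketched as an added example that is not GitLab's code: it diffs the licenses in the source-branch report against the target-branch report and sorts newly introduced ones by policy status, returning nothing when no target report exists. The report shape, the `compare_reports` and `licenses_by_name` names, and the sample data are assumptions made for illustration.

```python
# Added example: the report shape below is a simplified assumption,
# not GitLab's report schema. All names and data are constructed.

def report(*pairs):
    """Build a constructed report from (dependency, license) pairs."""
    return {"dependencies": [{"dependency": {"name": d}, "license": {"name": l}}
                             for d, l in pairs]}

TARGET_REPORT = report(("rack", "MIT"), ("nokogiri", "MIT"))
SOURCE_REPORT = report(("rack", "MIT"), ("nokogiri", "MIT"),
                       ("example-readline", "GPL-3.0"),
                       ("example-padder", "WTFPL"),
                       ("example-json", "Apache-2.0"))

# Hypothetical project policy: license name -> decision already made.
POLICY = {"MIT": "approved", "Apache-2.0": "approved", "GPL-3.0": "blacklisted"}


def licenses_by_name(rep):
    """Map each license name to the sorted dependencies that carry it."""
    found = {}
    for entry in rep["dependencies"]:
        found.setdefault(entry["license"]["name"], []).append(entry["dependency"]["name"])
    return {name: sorted(deps) for name, deps in found.items()}


def compare_reports(source, target, policy):
    """Classify licenses the source branch adds relative to the target branch.

    Returns None when there is no target report (nothing to compare to).
    """
    if target is None:
        return None
    src, tgt = licenses_by_name(source), licenses_by_name(target)
    findings = {"blacklisted": {}, "needs_decision": {}, "approved": {},
                "removed": sorted(set(tgt) - set(src))}
    for name in sorted(set(src) - set(tgt)):
        decision = policy.get(name)
        bucket = decision if decision in ("approved", "blacklisted") else "needs_decision"
        findings[bucket][name] = src[name]
    return findings


if __name__ == "__main__":
    for bucket, value in compare_reports(SOURCE_REPORT, TARGET_REPORT, POLICY).items():
        print(f"{bucket}: {value}")
    print("first run:", compare_reports(SOURCE_REPORT, None, POLICY))
```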
If you are a project or group Maintainer, you can click on a license to be given the choice to approve it or blacklist it.
Project policies for license management
From the project's settings:
- The list of licenses and their status can be managed.
- Licenses can be manually approved or blacklisted.
To approve or blacklist a license:
1. Either use the Manage licenses button in the merge request widget, or navigate to the project's Settings > CI/CD and expand the License Management section.
2. Click the Add a license button.
3. In the License name dropdown, either:
   - Select one of the available licenses. You can search for licenses in the field at the top of the list.
   - Enter arbitrary text in the field at the top of the list. This will cause the text to be added as a license name to the list.
4. Select the Approve or Blacklist radio button to approve or blacklist respectively the selected license.
License Management report under pipelines
From your project's left sidebar, navigate to CI/CD > Pipelines and click on the pipeline ID that has a license_management job to see the Licenses tab with the listed licenses (if any).