Add note about license expressions

b1c6e678 · Tetiana Chupryna · Russell Dickenson · cd6a75af · b1c6e678
Commit b1c6e678 authored Sep 13, 2021 by Tetiana Chupryna Committed by Russell Dickenson Sep 13, 2021
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

doc/user/compliance/license_compliance/index.md doc/user/compliance/license_compliance/index.md +9 -0

No files found.
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -49,6 +49,15 @@ When GitLab detects a **Denied** license, you can view it in the [license list](
 You can view and modify existing policies from the [policies](#policies) tab.
 ![Edit Policy](img/policies_maintainer_edit_v14_2.png)
+## License expressions
+GitLab has limited support for [composite licenses](https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/).
+License compliance can read multiple licenses, but always considers them combined using the `AND` operator. For example,
+if a dependency has two licenses, and one of them is allowed and the other is denied by the project [policy](#policies),
+GitLab evaluates the composite license as _denied_, as this is the safer option.
+The ability to support other license expression operators (like `OR`, `WITH`) is tracked
+in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6571).
 ## Supported languages and package managers
 The following languages and package managers are supported.