- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#enable-license-compliance).
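Review bot: the new anchor `#enable-license-compliance` on the second line has no matching heading anywhere in this diff; the only headings visible in the change are `## Configuration` and `### Include the License Scanning template` in the Configuration hunk. Confirm that a heading that renders to `enable-license-compliance` exists (or is added) in `user/compliance/license_compliance/index.md`, because this link and the identical one in the last hunk (`[enabled](#enable-license-compliance)`) both depend on it.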
@@ -14,17 +14,9 @@ project's dependencies for their licenses. You can then decide whether to allow
each license. For example, if your application uses an external (open source) library whose license
each license. For example, if your application uses an external (open source) library whose license
is incompatible with yours, then you can deny the use of that license.
is incompatible with yours, then you can deny the use of that license.
You can take advantage of License Compliance by either:
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. The License Compliance job is not dependent on any other job in
provided by [Auto DevOps](../../../topics/autodevops/index.md).
The current major version of the License Scanning analyzer is 3.
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
GitLab checks the License Compliance report, compares the
GitLab checks the License Compliance report, compares the
licenses between the source and target branches, and shows the information right on the merge
licenses between the source and target branches, and shows the information right on the merge
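Review bot: the sentence `The License Compliance job is not dependent on any other job in` is truncated in this hunk and its continuation is not visible; if it is being replaced by the shorter `To detect the licenses in use, License Compliance uses the License Finder scan tool ...` line, the statement that the job has no dependency on other jobs disappears here, and the `### When License Compliance runs` section in a later hunk of this same change also appears to go, so keep one explicit statement of that behaviour somewhere in the page. Also check that `The current major version of the License Scanning analyzer is 3.` and the dangling fragment `provided by [Auto DevOps](...)` still attach to complete sentences after the removals.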
@@ -41,6 +33,14 @@ is displayed in the merge request area. That is the case when you add the
Consecutive merge requests have something to compare to and the license
Consecutive merge requests have something to compare to and the license
(provided by [Auto DevOps](../../../topics/autodevops/index.md)).
- Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
## Configuration
### Include the License Scanning template
For GitLab 12.8 and later, to enable License Compliance, you must
Prerequisites:
[include](../../../ci/yaml/index.md#includetemplate) the
`.gitlab-ci.yml` file, the `test` stage is required.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template.
Add the following to your `.gitlab-ci.yml` file:
To [include](../../../ci/yaml/index.md#includetemplate) the
[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file:
```yaml
```yaml
include:
include:
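Review bot: under `Prerequisites:` the only visible item is the fragment `` `.gitlab-ci.yml` file, the `test` stage is required. ``, which reads as the tail of a sentence rather than a list item; state it as a complete bullet, for example `- The `test` stage must be defined in your `.gitlab-ci.yml` file.` Likewise `that template.` is a dangling fragment, and the two instructions to include the template (`For GitLab 12.8 and later, to enable License Compliance, you must [include] ...` and `To [include] the License-Scanning.gitlab-ci.yml template, add it to your .gitlab-ci.yml file:`) should not both survive; keep one so the `include:` block is introduced exactly once, and drop the `For GitLab versions earlier than 11.9` sentence if the version-gated wording is what this change removes.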
@@ -123,26 +122,6 @@ include:
The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
dependencies to find their licenses.
dependencies to find their licenses.
NOTE:
Before GitLab 12.8, the `license_scanning` job was named `license_management`. GitLab 13.0 removes
the `license_management` job, so you must migrate to the `license_scanning` job and use the new
is used to detect the languages/frameworks and in turn analyzes the licenses.
The License Compliance settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
[`variables`](../../../ci/yaml/index.md#variables) parameter in `.gitlab-ci.yml`.
### When License Compliance runs
When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't
wait for other stages to complete.
### Available CI/CD variables
### Available CI/CD variables
License Compliance can be configured using CI/CD variables.
License Compliance can be configured using CI/CD variables.
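Review bot: the hunk counts (`-123,26 +122,6`) indicate twenty lines are removed here, which would take out the `### When License Compliance runs` section and with it the only statement that the `license_scanning` job doesn't wait for other stages to complete; the `NOTE:` about the `license_management` to `license_scanning` rename may well be obsolete, but the stage-ordering behaviour still matters to anyone adding `needs:` or stage constraints, so fold those two lines into the paragraph `The included template creates a license_scanning job in your CI/CD pipeline ...`. The fragment `is used to detect the languages/frameworks and in turn analyzes the licenses.` should also go with whatever sentence it belonged to rather than being left stranded.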
@@ -653,7 +632,7 @@ successfully run. For more information, see [Offline environments](../../applica
To use License Compliance in an offline environment, you need:
To use License Compliance in an offline environment, you need:
-GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
-To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template).
- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
NOTE:
NOTE:
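Review bot: the prerequisite line `To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template).` links to an anchor derived from the `### Include the License Scanning template` heading, which the Configuration hunk of this same change is reworking, while the other cross-references in this change are being redirected from `#configuration` to `#enable-license-compliance`; verify that `#include-the-license-scanning-template` still resolves after that hunk, or point this link at the same anchor the other references use. If the `GitLab Runner with the docker or kubernetes executor` line is the one being removed, the executor requirement for offline use must still be stated under the section the new link points at.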
@@ -731,7 +710,7 @@ details about them.
For the licenses to appear under the license list, the following
For the licenses to appear under the license list, the following
requirements must be met:
requirements must be met:
1. The License Compliance CI job must be [configured](#configuration) for your project.
1. The License Compliance CI/CD job must be [enabled](#enable-license-compliance) for your project.
1. Your project must use at least one of the
1. Your project must use at least one of the
[supported languages and package managers](#supported-languages-and-package-managers).
[supported languages and package managers](#supported-languages-and-package-managers).