
This page contains some tips on how to get a grip on copyright and licensing for new and existing projects. Many great tools and guides already exist; this is just an LFEnergy-specific selection based on our experiences.

Continuous scanning of dependency licenses using LFX Tools

A project typically includes external dependencies. These dependencies have their own licenses, so it is important to keep an eye on them. The licenses should be compatible among the dependencies and between the dependencies and your project code. As you select other dependencies or different versions of dependencies, these relations can change. Therefore it is important to continuously monitor the relevant licenses.

The Linux Foundation provides services for its open source projects through the LFX Tools. One of those tools, LFX Security, provides insight into security issues as well as license details of project dependencies. You need a login to be able to view this information. The LFX Security documentation provides some example overviews of scan results.

Get your file headers in order using REUSE

It is best practice to track copyright and license information on a per-file basis. Writing this down per file allows you to be more precise about copyright, which helps people interested in using or contributing to the project.

The REUSE project defines a specification which ensures that the copyright information of the project is clear and can be analyzed in an automated fashion. This specification is based on other standards, like the use of SPDX identifiers, and on community best practices. So it is likely you are already mostly complying with the REUSE specification.

Apart from the specification, REUSE provides a small command-line utility that can be used to properly add copyright and license information and to verify a project against the specification. Some example commands are provided here for quick reference. More documentation can be found on the REUSE getting started page.

Install REUSE and check if your project is REUSE compliant
$ pip install reuse
$ reuse lint
Add copyright and license information to all files that are automatically recognised
$ git ls-files | xargs reuse addheader -c "Alliander N.V." -l MPL-2.0 -y 2020 --skip-unrecognised
Add copyright and license information to specific files that were not recognised
$ reuse addheader -c "Alliander N.V." -l MPL-2.0 -y 2019-2021 --template=MPL-2.0-full --explicit-license app/resources/testfile.json
Download all licenses for all recognised licenses in the project
$ reuse download --all
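
To show what the per-file information looks like to a tool, here is a simplified Python check for the `SPDX-FileCopyrightText` and `SPDX-License-Identifier` tags, read from each file or from its `.license` sidecar. It is an added example, not code from the original page or from the REUSE project, and it does not replace `reuse lint`. The sample tree, the function names and the MPL-2.0-only allowlist are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Tags the REUSE specification looks for in a file header or "<name>.license" sidecar.
COPYRIGHT_RE = re.compile(r"SPDX-FileCopyrightText:\s*(.+)")
LICENSE_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/|-->)?\s*$", re.M)

def read_tags(path: Path) -> dict:
    """Collect SPDX tags from the file itself and from its sidecar, if present."""
    text = path.read_text(encoding="utf-8", errors="replace")
    sidecar = path.with_name(path.name + ".license")
    if sidecar.exists():
        text += "\n" + sidecar.read_text(encoding="utf-8", errors="replace")
    return {"copyright": COPYRIGHT_RE.findall(text),
            "license": LICENSE_RE.findall(text)}

def audit(root: Path, allowed: set) -> dict:
    """Map each file to its list of problems; an empty list means the file is fine."""
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if path.suffix == ".license" or rel.parts[0] in {".git", "LICENSES"}:
            continue  # sidecars, VCS data and license texts carry no header
        tags = read_tags(path)
        problems = [f"missing {k}" for k in ("copyright", "license") if not tags[k]]
        # Simplification: each identifier is compared as a whole string, so a
        # compound SPDX expression must be listed in `allowed` verbatim.
        problems += [f"license not allowed: {lic}" for lic in tags["license"]
                     if lic not in allowed]
        report[rel.as_posix()] = problems
    return report

def demo() -> dict:
    """Audit a constructed sample tree against a hypothetical MPL-2.0-only policy."""
    header = "SPDX-FileCopyrightText: 2020 Alliander N.V.\n{0}SPDX-License-Identifier: MPL-2.0\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app" / "resources").mkdir(parents=True)
        (root / "app" / "main.py").write_text("# " + header.format("# ") + "print('hi')\n")
        (root / "app" / "resources" / "testfile.json").write_text("{}\n")
        (root / "app" / "resources" / "testfile.json.license").write_text(header.format(""))
        (root / "app" / "vendor.c").write_text(
            "/* SPDX-FileCopyrightText: 2019 Example Author */\n"
            "/* SPDX-License-Identifier: GPL-3.0-only */\n")
        (root / "README.md").write_text("# Project\n")
        return audit(root, allowed={"MPL-2.0"})

if __name__ == "__main__":
    print(demo())
```

A check like this can run in CI next to `reuse lint`, so that a newly vendored file with a missing header or an unexpected license is flagged before it is merged.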
