License Coverage
Question: How much of the code base has declared licenses?
Description
The share of the code base that has declared licenses that scanners can recognize. These licenses are not limited to OSI-approved ones. The metric covers both software and documentation source files and is represented as a percentage of total coverage.
Objectives
License Coverage provides insight into the percentage of files in a software package that have a declared license, leading to two use cases:
- A software package is sourced for internal organizational use and declared license coverage can highlight points of interest or concern when using that software package.
- Further, a software package is provided to external, downstream projects and declared license coverage can make transparent license information needed for downstream integration, deployment, and use.
Implementation
The usage and dissemination of health metrics may lead to privacy violations. Organizations may be exposed to risks. These risks may flow from compliance with the GDPR in the EU, with state law in the US, or with other laws. There may also be contractual risks flowing from terms of service for data providers such as GitHub and GitLab. The usage of metrics must be examined for risk and potential data ethics problems. Please see the CHAOSS Data Ethics document for additional guidance.
Filters
Time: Licenses declared in a repository can change over time as the dependencies of the repository change. One of the principal motivations for tracking license presence, aside from basic awareness, is to draw attention to any unexpected new license introduction.
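An added example, not taken from CHAOSS or Augur: it computes the coverage percentage described above and applies the time filter by comparing two snapshots for newly introduced licenses. It assumes a file counts as declared when it carries an `SPDX-License-Identifier` tag in its first 20 lines; the function names and sample snapshots are constructed for illustration.

```python
import re

# Assumption: a file "declares" a license when it carries an SPDX short-form tag.
SPDX_TAG = re.compile(r"SPDX-License-Identifier:[ \t]*([\w.+\-() ]+)")
OPERATORS = {"AND", "OR", "WITH"}  # SPDX expression operators, not identifiers

def declared_ids(text, head_lines=20):
    """Return the SPDX identifiers declared in the first head_lines lines of a file."""
    head = "\n".join(text.splitlines()[:head_lines])
    match = SPDX_TAG.search(head)
    if not match:
        return set()
    tokens = re.findall(r"[\w.+\-]+", match.group(1))
    # strip("-") discards comment closers such as "--" from "-->".
    return {t.strip("-") for t in tokens if t not in OPERATORS and t.strip("-")}

def license_coverage(files):
    """files maps path -> text. Returns (coverage percent, undeclared paths)."""
    undeclared = sorted(p for p, t in files.items() if not declared_ids(t))
    total = len(files)
    pct = 100.0 * (total - len(undeclared)) / total if total else 0.0
    return round(pct, 1), undeclared

def new_licenses(old_files, new_files):
    """Identifiers present in the newer snapshot but absent from the older one."""
    def seen(files):
        return set().union(*(declared_ids(t) for t in files.values()))
    return sorted(seen(new_files) - seen(old_files))

# Constructed sample: one repository at two points in time (software and docs).
SNAPSHOT_OLD = {
    "src/app.py": "# SPDX-License-Identifier: MIT\nprint('hi')\n",
    "src/util.c": "/* SPDX-License-Identifier: MIT */\nint x;\n",
    "docs/guide.md": "# Guide\nNo license header here.\n",
    "build.sh": "#!/bin/sh\nmake\n",
}
SNAPSHOT_NEW = {
    **SNAPSHOT_OLD,
    "docs/guide.md": "<!-- SPDX-License-Identifier: CC-BY-4.0 -->\n# Guide\n",
    "vendor/parse.c": "// SPDX-License-Identifier: GPL-2.0-only OR MIT\nint y;\n",
}

if __name__ == "__main__":
    for name, snap in (("old", SNAPSHOT_OLD), ("new", SNAPSHOT_NEW)):
        pct, missing = license_coverage(snap)
        print(f"{name}: {pct}% covered, undeclared: {missing}")
    print("newly introduced:", new_licenses(SNAPSHOT_OLD, SNAPSHOT_NEW))
```

The undeclared paths are the points of interest for the internal-use case, and the newly introduced identifiers are what the time filter is meant to surface.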
Visualizations
Web Presentation of Augur Output:
JSON Presentation of Augur Output:
Tools providing the Metric
Data can be pulled and filtered to get the desired information. License Coverage data can be found on any Augur risk page.
References
To edit this metric please submit a Change Request here: https://github.com/chaoss/wg-risk/blob/main/focus-areas/licensing/license-coverage.md
To reference this metric in software or publications please use this stable URL: https://chaoss.community/?p=3961