License Coverage

Question: How much of the code base has declared licenses?

Description

How much of the code base has declared licenses that scanners can recognize, which need not be limited to OSI-approved licenses. This includes both software and documentation source files and is represented as a percentage of total coverage.

Objectives

License Coverage provides insight into the percentage of files in a software package that have a declared license, leading to two use cases:

  1. A software package is sourced for internal organizational use and declared license coverage can highlight points of interest or concern when using that software package.
  2. Further, a software package is provided to external, downstream projects and declared license coverage can make transparent license information needed for downstream integration, deployment, and use.

Implementation

The usage and dissemination of health metrics may lead to privacy violations. Organizations may be exposed to risks. These risks may flow from compliance with the GDPR in the EU, with state law in the US, or with other laws. There may also be contractual risks flowing from terms of service for data providers such as GitHub and GitLab. The usage of metrics must be examined for risk and potential data ethics problems. Please see the CHAOSS Data Ethics document for additional guidance.

Filters

Time: Licenses declared in a repository can change over time as the dependencies of the repository change. One of the principal motivations for tracking license presence, aside from basic awareness, is to draw attention to any unexpected new license introduction.
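
The coverage percentage and the time filter described above can be sketched as follows. This is an added example, not Augur's or CHAOSS's own code: it assumes a declared license is a single-identifier `SPDX-License-Identifier` tag near the top of a file, and the function names and sample snapshots are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: a declared license is an SPDX-License-Identifier tag carrying a
# single license identifier; real scanners recognise more forms than this.
SPDX_TAG = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)")

def declared_license(text, head_lines=20):
    """Return the license identifier declared near the top of a file, or None."""
    for line in text.splitlines()[:head_lines]:
        match = SPDX_TAG.search(line)
        if match:
            return match.group(1)
    return None

def license_coverage(files):
    """files maps path -> content. Returns (percent, license counts, undeclared paths)."""
    counts, undeclared = Counter(), []
    for path, text in sorted(files.items()):
        lic = declared_license(text)
        if lic is None:
            undeclared.append(path)
        else:
            counts[lic] += 1
    total = len(files)
    percent = 100.0 * (total - len(undeclared)) / total if total else 0.0
    return round(percent, 1), counts, undeclared

def new_licenses(before, after):
    """Licenses declared in the later snapshot but absent from the earlier one."""
    return sorted(set(license_coverage(after)[1]) - set(license_coverage(before)[1]))

# Constructed sample: one repository at two points in time.
SNAPSHOT_1 = {
    "src/app.py": "# SPDX-License-Identifier: MIT\nprint('hi')\n",
    "src/util.py": "# helper with no license header\n",
    "docs/guide.md": "<!-- SPDX-License-Identifier: CC-BY-4.0 -->\n# Guide\n",
    "README.md": "# Project\n",
}
SNAPSHOT_2 = {
    **SNAPSHOT_1,
    "vendor/lib.c": "/* SPDX-License-Identifier: GPL-3.0-only */\nint x;\n",
}

if __name__ == "__main__":
    for snapshot in (SNAPSHOT_1, SNAPSHOT_2):
        print(license_coverage(snapshot))
    print("newly introduced:", new_licenses(SNAPSHOT_1, SNAPSHOT_2))
```

The list of undeclared paths is the part to review when coverage is below 100%, and a non-empty result from `new_licenses` is the "unexpected new license" signal the time filter is meant to surface.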

Visualizations

Web Presentation of Augur Output:

Augur Web Output

JSON Presentation of Augur Output:

Augur Json Output

Tools providing the Metric

  1. Augur

Data can be pulled and filtered to get the desired information. License Coverage data can be found on any Augur risk page.

References

To edit this metric please submit a Change Request here: https://github.com/chaoss/wg-risk/blob/main/focus-areas/licensing/license-coverage.md

To reference this metric in software or publications please use this stable URL: https://chaoss.community/?p=3961
