Skip to content

License data import

SPDX licenses

The Linux Foundation gathers a list of commonly found licenses and exceptions used for open source and other collaborative software. The list is called SPDX License List and is imported daily into SecObserve from a JSON file hosted on GitHub.

Configuration

Per default the task to import the SPDX licenses is scheduled to run every night at 01:30 UTC time. This default can be changed by administrators via the Settings.

SPDX license import configuration

Hour is always in UTC time.

ScanCode LicenseDB

The ScanCode LicenseDB is a free and open database of mostly all the software licenses, including a category per license. Administrators can import the data from the ScanCode LicenseDB with a button in the list of License Groups. License groups will be created or updated for each category, containing the respective SPDX licenses.