Software licenses

Every open-source artifact in your project—whether it’s a package, gem, wheel, dependency, or similar—may either lack a license entirely or come with one or more licenses detailing the terms and conditions for its use. These licenses are set by the project maintainer(s), not ActiveState.

Types of software licenses

You can find out about the types of software licenses using external resources, including

We recommend you consult with your own legal counsel, compliance team, or open source team to learn about software licenses and what policies you may have.

Find applicable licenses using a Software Bill of Materials (SBOM)

You can generate an SBOM to find the license information appropriate to your project. The resulting SBOM is our best effort to list all applicable licenses relating to your project, but due to the iterative nature of software, it is not guaranteed to be an exhaustive list.

There are multiple kinds of licenses in the ActiveState SBOMs:

  • Maintainer license - what the maintainer declares in the repository (PyPI, RubyGems, etc.). We attempt to ingest this and make it available in the SBOM.
  • Found / Scanned license files - what licenses were found using OSS license scanning tools. There may be multiple license files that may match, or sometimes not match, the maintainer declared license.

Use additional methods of verification, including searching for maintainer-declared licenses.
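The comparison described above can be scripted once the SBOM data has been exported. The following is an added example, not ActiveState code: the record layout (`declared`, `scanned`), the package names, and the status labels are assumptions made for illustration and do not reflect the ActiveState SBOM schema.

```python
import re

# Constructed sample records. Field names and packages are hypothetical.
SAMPLE_COMPONENTS = [
    {"name": "pkg-a", "version": "1.0.0", "declared": "BSD 3-Clause",
     "scanned": ["BSD-3-Clause"]},
    {"name": "pkg-b", "version": "1.4.1", "declared": "MIT",
     "scanned": ["MIT", "GPL-2.0-only"]},
    {"name": "pkg-c", "version": "0.1.0", "declared": None, "scanned": []},
    {"name": "pkg-d", "version": "3.0.0", "declared": "Apache 2.0 OR MIT",
     "scanned": ["Apache-2.0"]},
    {"name": "pkg-e", "version": "2.2.0", "declared": "MIT License",
     "scanned": []},
]

def normalize(name):
    """Fold spelling variants ('Apache 2.0', 'apache-2.0 License') to one key."""
    key = re.sub(r"\blicen[sc]e\b", "", name.lower())
    return re.sub(r"[^a-z0-9.+]+", "-", key).strip("-")

def split_expression(expr):
    """Split a declared string such as 'Apache 2.0 OR MIT' into normalized ids."""
    if not expr:
        return set()
    parts = re.split(r"\s+(?:OR|AND)\s+|[,;/]", expr.strip("() "))
    return {n for p in parts if (n := normalize(p))}

def review(component):
    """Classify one component by comparing declared and scanned licenses."""
    declared = split_expression(component.get("declared"))
    scanned = {normalize(s) for s in component.get("scanned", [])}
    if not declared and not scanned:
        return "NO_LICENSE"    # nothing declared, nothing found
    if not declared:
        return "UNDECLARED"    # license files found, maintainer declared none
    if not scanned:
        return "UNVERIFIED"    # declaration only, no license file found
    if scanned - declared:
        return "MISMATCH"      # a scanned license is outside the declaration
    return "CONSISTENT"

def triage(components):
    """Map 'name==version' to a review status for every component."""
    return {f'{c["name"]}=={c["version"]}': review(c) for c in components}

if __name__ == "__main__":
    for ident, status in triage(SAMPLE_COMPONENTS).items():
        print(f"{status:<11} {ident}")
```

Anything other than CONSISTENT is a candidate for the manual checks described in the following sections.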

Find licenses using the language source repository

A common way to find the maintainer-declared license is to look directly in the package and/or source repository. Examples are included below.

Python

https://pypi.org/

  • Search the package name like “pandas” (https://pypi.org/project/pandas/)
  • Scroll down to license
  • If you are not using the most current version, you may need to click releases and go back to an earlier version (licenses don’t often change between language releases, but do change between versions)
  • Click the repository link

This example brings you to a GitHub project, and the maintainer license is on the right-hand information panel.

Ruby

https://rubygems.org/

  • Search the package name like “bundler” (https://rubygems.org/gems/bundler)
  • Scroll down to license
  • If you are not using the most current version, you may need to click versions and go back to an earlier version (licenses don’t often change between language releases, but do change between versions)
  • Click Source Code to visit the code repository

This example brings you to a GitHub project, and the maintainer license is on the right-hand information panel.

Find licenses by reviewing the source code

Another method of finding the license(s) is to review the source code itself. To ensure you are getting the exact version of code built by ActiveState, you can pull down our copy of the source code by using our API and locate license information.

You can find or search for additional license files by following our guide to download your project ingredients.