This section will introduce you to the Licenses tab in Kiuwan Insights.
Kiuwan Insights informs you about the License type of every 3rd party component used in your application.
Are you aware of the legal licensing implications of using those 3rd party components?
Kiuwan Insights helps you to answer these important questions based on information provided on licenses that apply to the components used in your software.
Kiuwan Insights inspects your source code’s external components to discover their license.
Software licensing is primarily based on the legal concept of Copyright.
Consequently, Copyright Infringement is the use of works protected by copyright without permission, infringing certain exclusive rights granted to the copyright holder, such as the right to reproduce, distribute, display or perform the protected work, or to make derivative works.
A Software License is a legal instrument (usually by way of contract law) governing the use or redistribution of software. A software license grants the licensee (typically an end-user) permission to use one or more copies of software. Without a software license, the use of the software would constitute copyright infringement of the software owner's exclusive rights under copyright law.
As you will read later in this document, two common categories of licenses are proprietary software and free and open source software (FOSS).
Proprietary licenses are, of course, exclusive to the copyright holder. FOSS licenses, however, are widely used, and there are several standards for communicating the components, licenses, and copyrights associated with software packages.
Kiuwan Insights adheres to SPDX (Software Package Data Exchange®, https://spdx.org) to report the components’ licensing name and related information.
Kiuwan Insights categorizes any license according to its copyright content so you can easily visualize its type regarding copyrights.
Most software can be categorized according to its license type.
Two common categories are proprietary software and free and open source software (FOSS).
The distinct conceptual difference between them is the granting of rights to modify and re-use the software product by the user:
Software licenses in the context of copyright according to Mark Webbink (see article).
Kiuwan Insights inspects your software source code to fetch the license type for all 3rd party components. The Kiuwan License Engine analyzes the app’s code, identifies the components and extracts their license information from several sources (license .txt files, repository information, etc.). After gathering the relevant information, Kiuwan categorizes the component’s license under the following types (ordered from most permissive to least):
For easy and efficient identification of such licenses, Kiuwan matches the gathered information against the SPDX License List (https://spdx.org/licenses/) and provides links to the explanatory description as well as the license text.
When a license is found but cannot be matched against any of the above lists, Kiuwan assigns that license the Unknown type. These cases require manual intervention.
License type | Description | Examples |
---|---|---|
PublicDomain | PublicDomain licenses are related to software that has been placed in the public domain. The software in the public domain can be modified, distributed, or sold even without any attribution by anyone; this is unlike the common case of software under exclusive copyright, where software licenses grant limited usage rights. There is no copyright, trademark or patent on the work at all. You can do anything with public domain software if the software has been explicitly released to the public domain. | |
Permissive | A permissive software license is a free software license with minimal requirements about how the software can be redistributed: basically, you can do just about anything as long as you provide attribution (acknowledgment) and don’t sue the author. | |
Copyleft | Copyleft (a play on the word copyright) is the practice of offering people the right to freely distribute copies and modified versions of a work with the stipulation that the same rights be preserved in derivative works down the line. Under copyleft, an author may give every person who receives a copy of the work permission to reproduce, adapt or distribute it, with the accompanying requirement that any resulting copies or adaptations are also bound by the same licensing agreement. This is done to prevent the software from becoming proprietary. | |
WeakCopyleft | A WeakCopyleft software license is weakly protective, a trade-off between Permissive and Copyleft. This type of license prevents the component (often a software library) from becoming proprietary, yet permits it to be part of a larger proprietary program. | |
Copyrighted | IMPORTANT: Since the Berne Convention (1988), which most countries have signed, all works are by default copyright protected and need to be actively given into the public domain by a waiver statement, or an explicit license needs to be provided. When no explicit license... full, intact, copyright retained. Copyrighted licenses are assumed to public domain software (PD) with no explicit license. When Kiuwan does not find any licensing information for a public component, the Copyrighted type is assigned to that component. Contrary to popular belief, distributed unlicensed software (not in the public domain) is fully copyright protected, and therefore legally unusable (as no usage rights at all are granted by a license) until it passes into the public domain after the copyright term. | Software projects which are placed on public software repositories like GitHub, without a specified license |
Proprietary | Proprietary is any commercial license from a software vendor granted to a final user through a signed end-user license agreement (EULA). | |
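The categorization steps described above (match the declared license against the SPDX License List, assign Unknown when nothing matches, assign Copyrighted when no license information is found), as an added Python example that is not Kiuwan's code. The identifier-to-type mapping is a small assumed subset, the component names are constructed, and the set of types flagged for review is an assumption based on the page's advice.

```python
import re
from collections import defaultdict

# Assumed mapping of SPDX identifier families to the page's license types.
# Illustrative subset only; this is not Kiuwan's data.
FAMILY_TYPE = {
    "CC0-1.0": "PublicDomain", "Unlicense": "PublicDomain",
    "MIT": "Permissive", "Apache-2.0": "Permissive", "BSD-3-Clause": "Permissive",
    "LGPL-2.1": "WeakCopyleft", "MPL-2.0": "WeakCopyleft",
    "GPL-2.0": "Copyleft", "GPL-3.0": "Copyleft", "AGPL-3.0": "Copyleft",
}
_BY_LOWER = {k.lower(): v for k, v in FAMILY_TYPE.items()}
# Assumption: types worth a manual look before distributing the software.
NEEDS_REVIEW = {"Copyleft", "Unknown", "Copyrighted"}

def classify(declared):
    """Return the license type for one declared license string (or None)."""
    if declared is None or not declared.strip():
        return "Copyrighted"          # no licensing information found
    ident = declared.strip().lower()  # SPDX identifiers match case-insensitively
    # Fold "-only", "-or-later" and the deprecated "+" suffix into the family.
    family = re.sub(r"(-only|-or-later|\+)$", "", ident)
    return _BY_LOWER.get(family, "Unknown")  # found but unmatched -> manual review

def license_report(components):
    """Group (name, declared_license) pairs per license, review items first."""
    groups = defaultdict(list)
    for name, declared in components:
        key = declared.strip() if declared and declared.strip() else "(none found)"
        groups[(key, classify(declared))].append(name)
    rows = [{"license": lic, "type": typ, "count": len(names),
             "components": sorted(names), "review": typ in NEEDS_REVIEW}
            for (lic, typ), names in groups.items()]
    return sorted(rows, key=lambda r: (not r["review"], r["license"].lower()))

# Constructed inventory; component names are hypothetical.
SAMPLE = [
    ("lib-json", "MIT"), ("lib-http", "Apache-2.0"), ("lib-log", "MIT"),
    ("lib-readline", "GPL-3.0-or-later"), ("lib-xml", "LGPL-2.1-only"),
    ("lib-vendor", "Vendor Terms v2"), ("lib-gist", None),
]

if __name__ == "__main__":
    for row in license_report(SAMPLE):
        flag = "REVIEW" if row["review"] else "ok"
        print(f'{flag:6} {row["type"]:12} {row["license"]:18} '
              f'{row["count"]} {", ".join(row["components"])}')
```

Proprietary components are not covered here because a signed EULA cannot be recognized from an SPDX identifier alone.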
What exactly are the differences between the Copyleft and WeakCopyleft license types?
Both license types are closely related. In both cases, you have obligations to distribute source code under certain conditions. Where they differ is the scope of code that has to be distributed.
If the software that uses the component is kept private and you do not distribute code or binaries to a 3rd party, you have no obligation to make the source code available. The obligation takes effect when you give your software (plus the component) to a 3rd party.
The basic difference between Copyleft and WeakCopyleft is the scope of impact when it comes to the case of derivative works.
An example would make the difference more clear:
This is a broad general theory, and you should read the specific terms of the licenses involved, but as a piece of general advice: “Pay close attention to components with a CopyLeft license”.
According to the above explanation of concepts, Insights > Licenses displays overall licensing information of the components used in your application.
Overall section displays:
Kiuwan Insights provides a full list of all those licenses being used by components of your application.
For every License, you will have access to detailed information such as:
Kiuwan uses color to visually indicate licenses (and the components involved) that might have some legal implications.
For every license, Kiuwan Insights displays the number of components in your app that are using that license as well as the specific component name and description.