Detect licenses in your container images with the Mend CLI scan
Overview
The Mend CLI license detection feature provides compliance insights and automates the process of detecting and cataloging licenses for each OS and language-specific package within your organization's container images.
Note: This article specifically covers the usage of the Mend CLI’s license detection feature. For general information on the Container Image engine of the Mend CLI, check out these articles:
Getting it done
Prerequisites before detecting licenses in your container images with the Mend CLI
The following prerequisites are required before running a Mend CLI Container Image scan:
Run the Mend CLI to detect licenses in your container images
License detection happens in each container image scan, and the results will always appear in the Mend Cloud Native Application.
View the licenses detected by the Mend CLI Container Image scan
Once the Mend CLI scan is completed, you can review your results in several places.
License detection - Mend CLI view
To see the license results within the Mend CLI output, run the following command:
mend image <image_name[:image_tag]> --show license
The Mend CLI output will contain a summary of the total count of licenses detected and their associated packages:
Field | Description |
---|---|
Package | The name of the detected package. |
License | The list of licenses that were detected for each package. Note: license identifiers follow the SPDX format (https://spdx.org/licenses/). |
License detection - Mend Cloud Native Application view
To view the licenses detected in the Mend Cloud Native Application, navigate to the Images dashboard → select your image → Package Data tab → Licenses column.
Manually assign licenses to your container images in the Mend Cloud Native Application
You can modify the licenses assigned to your container images in the Mend Cloud Native Application by doing the following:
Navigate to the Images dashboard → select your image → Package Data tab.
Within the table, navigate to the Actions column → click on the vertical ellipsis of the relevant package → select Modify licenses:
A pop-up wizard appears that allows you to either:
Reset to default: Reset to the original license detected by Mend.
+ Add custom license: Add a license from our predefined list.
Check the box next to each license you wish to assign to the package.
Click on the Save button to save your changes.
Tip: Manual license changes are org-wide, meaning your customized licenses will be applied to the relevant package across the entire organization. This includes all container images in the organization. New scans will not override your manual license changes for the package.
Scanning the same image to a different organization will present the original license value detected by Mend.
Export your container image package data via the Mend Cloud Native Application
You can export your package data, which includes the licensing information, via the Images dashboard → select your image → Package Data tab → Export to CSV option.
This will export the relevant image’s package data to a report in CSV file format.
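An added example, not part of Mend's documentation or tooling: a small policy check over the exported CSV that flags packages whose SPDX license identifiers fall outside an allow-list, and packages with no detected license. The column names (Package, Licenses), the separator between multiple licenses, the allow-list and the sample rows are assumptions; adjust them to match your actual export.

```python
import csv
import io
import re

# Assumed policy: SPDX identifiers the organization permits (constructed).
ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}

# Constructed sample report with hypothetical packages. The real export's
# column names and multi-license separator may differ from these assumptions.
SAMPLE_CSV = """Package,Version,Licenses
libexample-tls,3.0.11,Apache-2.0
example-shell,5.2.15,GPL-3.0-or-later
example-compress,1.2.13,
example-http,2.31.0,"Apache-2.0, MIT"
example-box,1.36.1,"GPL-2.0-only, MIT"
"""

def split_licenses(cell):
    """Split a cell holding one or more SPDX identifiers into a clean list."""
    return [p.strip() for p in re.split(r"[,;|]", cell or "") if p.strip()]

def audit(csv_text, allowed=ALLOWED, package_col="Package", license_col="Licenses"):
    """Return (violations, undetected) for an exported package-data report."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {package_col, license_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    violations, undetected = {}, []
    for row in reader:
        licenses = split_licenses(row[license_col])
        if not licenses:
            # No license detected: surface it for review instead of passing it.
            undetected.append(row[package_col])
            continue
        # Conservative: any listed license outside the allow-list is flagged,
        # because the export may not say whether multiple licenses are AND or OR.
        bad = [lic for lic in licenses if lic not in allowed]
        if bad:
            violations[row[package_col]] = bad
    return violations, undetected

if __name__ == "__main__":
    violations, undetected = audit(SAMPLE_CSV)
    for pkg, bad in violations.items():
        print(f"DISALLOWED {pkg}: {', '.join(bad)}")
    for pkg in undetected:
        print(f"NO LICENSE {pkg}")
    raise SystemExit(1 if violations or undetected else 0)
```

Because manual license changes are org-wide, a report exported after a modification reflects the customized license, so the check evaluates the assigned value rather than the originally detected one.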
Reference
Mend CLI Container Image-supported distributions for OS license detection
For information on our Mend CLI Container Image support, check our reference section in Configure the Mend CLI for Container Images.
Boundaries of the license results
Adding change comments to the manual license modifications is currently not available.