Detect licenses in your container images with the Mend CLI scan
Overview
The Mend CLI license detection feature provides compliance insights and automates the process of detecting and cataloging licenses for each OS and language-specific package within your organization's container images.
Note: This article specifically covers the usage of the Mend CLI’s license detection feature. For general information on the Container Image engine of the Mend CLI, check out these articles:
Getting it done
Prerequisites before detecting licenses in your container images with the Mend CLI
The following prerequisites are required before running a Mend CLI Container Image scan:
Run the Mend CLI to detect licenses in your container images
License detection happens in each container image scan, and the results will always appear in the Mend Platform Application.
View the licenses detected by the Mend CLI Container Image scan
Once the Mend CLI scan is completed, there are multiple resources to review your results.
License detection - Mend CLI view
To see the license results within the Mend CLI output, run the following command:
mend image <image_name[:image_tag]> --show license
The Mend CLI output will contain a summary of the total count of licenses detected and their associated packages:
Field | Description |
---|---|
Package | The name of the detected package. |
License | The list of licenses that were detected for each package. |
License detection - Mend Platform view
To view the licenses detected in the Mend Platform Application:
1. Navigate to the Application/Project dashboard in the Mend Platform Application.
2. Select Containers in the left menu bar.
3. Click on the Packages tab.
4. Select a specific package to view.
5. Click on the Licenses tab on the pop-up screen to see the detected licenses for a selected package.
Manually assign licenses to your container images in the Mend Platform Application
You can modify the licenses assigned to your container images in the Mend Platform Application by doing the following:
1. Navigate to the Application/Project dashboard in the Mend Platform Application.
2. Select Containers in the left menu bar.
3. Click on the Packages tab.
4. Select a specific package to modify.
5. Click on the Licenses tab on the pop-up screen to modify the detected licenses for a selected package.
6. A pop-up wizard appears that allows you to either:
   - Remove: Remove one or more specific licenses detected by Mend.
   - Revert: Reset to the original license detected by Mend.
   - + Assign License: Add a license from our predefined list.
     When assigning a new license, you must add a Liability Reference.
7. Click on Assign License to save the changes.
Tip: Manual license changes are org-wide, meaning your customized licenses will be applied to the relevant package across the entire organization. This includes all container images in the organization. New scans will not override your manual license changes for the package.
Scanning the same image to a different organization will present the original license value detected by Mend.
Export your container image package data via the Mend Platform Application
You can export your package data, which includes the licensing information, via the Application/Project dashboard → select your image → Packages tab → Export to CSV option:
This will export the relevant image’s package data to a report in CSV file format.
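One way to turn the exported CSV into a license policy check, shown as an added example that is not Mend's own code. The column names Package and License (borrowed from the CLI table above), the comma separator inside multi-license cells, and the allow/deny sets are assumptions; match them to your real export header and your organization's policy.

```python
import csv
import io

# Constructed sample. Header names and the multi-license separator are
# assumptions and must be matched to the CSV you actually export.
SAMPLE_EXPORT = """Package,License
openssl,Apache-2.0
bash,GPL-3.0-or-later
libfoo,"MIT, GPL-2.0-only"
mystery-pkg,
"""

# Hypothetical organization policy, not a Mend default.
ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause"}
DENIED = {"GPL-2.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}


def review_export(csv_text, package_col="Package", license_col="License", sep=","):
    """Return one (package, verdict, licenses) tuple per row of the export."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get(package_col) or "").strip()
        if not name:
            continue
        cell = row.get(license_col) or ""
        licenses = [part.strip() for part in cell.split(sep) if part.strip()]
        if not licenses:
            verdict = "review"  # nothing detected: candidate for manual assignment
        elif any(lic in DENIED for lic in licenses):
            # Conservative: the cell does not say whether licenses are alternatives.
            verdict = "deny"
        elif all(lic in ALLOWED for lic in licenses):
            verdict = "allow"
        else:
            verdict = "review"  # a license that is on neither list
        findings.append((name, verdict, licenses))
    return findings


def gate(findings):
    """CI exit status: 1 if any package is denied, otherwise 0."""
    return 1 if any(verdict == "deny" for _, verdict, _ in findings) else 0


if __name__ == "__main__":
    rows = review_export(SAMPLE_EXPORT)
    for name, verdict, licenses in rows:
        print(f"{verdict:6} {name}: {', '.join(licenses) or 'none detected'}")
    raise SystemExit(gate(rows))
```

Packages that come back as "review" are the ones to inspect in the Licenses tab, where a manual assignment can be made.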
Reference
Mend CLI Container Image-supported distributions for OS license detection
For information on our Mend CLI Container Image support, check our reference section in Configure the Mend CLI for Container Images.
Boundaries of the license results
Adding change comments to the manual license modifications is currently not available.