
Legal and Compliance Workflows

Note: Changes to licenses, copyrights, or notices apply at the organization level, i.e., the new license/copyright/notice will show up on the library in every project/application in which it exists.

Overview

As a Legal Compliance Manager, you may want to easily identify applications and projects with the most critical licensing risks and investigate areas where licenses are unidentified, to ensure the organization’s compliance with licensing requirements efficiently and effectively.

Notable Features

  1. A Legal section in the left navigation menu that separates open-source libraries, proprietary (in-house) libraries and commercial libraries into their own views.
    Visit the OS Inventory page for your project's or application's Software Bill of Materials (SBOM).

  2. License Side Panel - A dedicated side panel for license-related details to improve accessibility and clarity.

  3. Comments - Users can add, view, and manage comments within the legal workflow, ensuring efficient collaboration and tracking.

  4. Navigation - Context-focused and action-oriented navigation.

Getting it done

The Legal section is available on the left-pane menu in the context of an Application or a Project:

image-20250329-082923.png

Three pages are available to you within the Legal section:

  1. OS Inventory - SBOM and Attribution data.

  2. Proprietary - Proprietary licenses only.

  3. Commercial - Commercial licenses only.

The OS Inventory Table

The OS Inventory table provides a comprehensive view of libraries and their associated licenses, copyrights, and dependencies for efficient management of the open-source inventory.

image-20250512-223846.png

OS Inventory Columns

  1. Library – Displays the library name. If a library has multiple licenses, they are grouped together and shown on that library's line under the Licenses column.

  2. Project – Displays the project name when viewed at the application level.

  3. License Risk – Displays the license risk icon, reflecting the risk category (Low, Medium, High, Unknown, Requires Review) and score.

  4. Licenses – Displays associated licenses.

  5. Copyrights – Displays available copyrights, with an override option.

  6. Notice – Displays available notices, with an override option.

  7. Language – Displays the programming language of the library.

  8. Dependency – Displays the dependency type (Direct, Transitive, Direct/Transitive).

  9. Author - Displays the library author's name. Hidden by default.

  10. Library Location - Displays the library location path. Hidden by default.
    When multiple locations exist, one is displayed in the table and the rest are listed in the tooltip.

  11. Selection - Toggles whether the library is included in or excluded from the Attribution Report.

image-20250512-225312.png

OS Inventory Actions

Multi-Select Actions

Select multiple libraries using the checkboxes on the left, then open the Actions button in the top right of the table to perform bulk actions:

image-20250513-083602.png

Available Bulk actions include:

  1. Mark as Proprietary

  2. Include in (Attribution) Report

  3. Exclude from (Attribution) Report

Single Library Actions
image-20250513-082216.png
  1. Assign License – Clicking this action opens the Assign License wizard:

    image-20250513-083954.png
  2. Assign/Override Copyright – Clicking this action opens the Assign Copyright wizard:

    image-20250513-083827.png
  3. Add Notice - Clicking this action opens the Add Notice wizard:

    image-20250513-082537.png
  4. Mark as Proprietary - Clicking this action opens the Mark as Proprietary wizard:

    image-20250513-081306.png
  5. Mark as Commercial – Clicking this action opens the Mark as Commercial wizard:

    image-20250513-084319.png
  6. Include in (Attribution) Report

  7. Exclude from (Attribution) Report

  8. Create Report - When no libraries are selected, the Create Report button (image-20250329-091236.png) is visible in the upper-right corner above the table. Clicking it opens the Create Report wizard, which generates both Dependencies Attribution and Dependencies SBOM reports:

    image-20250329-091117.png
  9. Export to CSV - Clicking the Export to CSV button (image-20250329-091616.png) exports the table data to a .CSV file. Note that copyrights and notices are exported as plain text.
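The CSV export is the quickest way to triage the inventory outside the UI, for example to list every library whose license is Unknown or Requires Review before an audit. The following script is an added example and not part of this page or of Mend's tooling: it parses a constructed sample export and buckets libraries the way the Overview suggests a Legal Compliance Manager would work through them. The column headers are assumed to match the OS Inventory table columns described above, and the "; " separator for grouped multi-license cells is likewise an assumption; check both against a real export before relying on the script.

```python
"""Triage an OS Inventory CSV export for libraries that need legal attention."""
import csv
import io

# Constructed sample of an OS Inventory export (not real Mend output).
# Column names follow the OS Inventory table columns described on this page;
# the exact export header and the "; " separator for multi-license cells
# are assumptions.
SAMPLE_EXPORT = """\
Library,Project,License Risk,Licenses,Copyrights,Notice,Language,Dependency
lodash-4.17.21.tgz,web-app,Low,MIT,Copyright JS Foundation and other contributors,,JavaScript,Direct
readline-8.1.tar.gz,api-service,High,GPL 3.0,Copyright (C) Free Software Foundation,,C,Transitive
mystery-utils-1.0.0.jar,api-service,Unknown,,,,Java,Direct/Transitive
dual-lib-2.3.0.tgz,web-app,Requires Review,Apache 2.0; GPL 2.0,,NOTICE file present,JavaScript,Transitive
commons-io-2.11.0.jar,api-service,Low,Apache 2.0,,Apache Commons IO NOTICE,Java,Direct
"""

# Lower number = higher priority: the categories a reviewer opens first when
# investigating unidentified or risky licenses.
RISK_PRIORITY = {"High": 0, "Requires Review": 1, "Unknown": 2, "Medium": 3, "Low": 4}
LICENSE_SEPARATOR = "; "  # assumed separator for grouped multi-license cells


def parse_export(text):
    """Return the export rows as dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def licenses_of(row):
    """Split a grouped Licenses cell into its individual licenses."""
    cell = (row.get("Licenses") or "").strip()
    if not cell:
        return []
    return [part.strip() for part in cell.split(LICENSE_SEPARATOR) if part.strip()]


def triage(rows):
    """Bucket rows into the lists a reviewer would act on.

    review:  Unknown / Requires Review risk, or no license detected at all
    high:    High risk with an identified license (typically copyleft)
    multi:   libraries carrying more than one license (a choice may be needed)
    no_attr: libraries with neither copyright nor notice (attribution gap)
    """
    result = {"review": [], "high": [], "multi": [], "no_attr": []}
    ordered = sorted(rows, key=lambda r: RISK_PRIORITY.get(r["License Risk"], 99))
    for row in ordered:
        name = row["Library"]
        risk = row["License Risk"]
        lics = licenses_of(row)
        if risk in ("Unknown", "Requires Review") or not lics:
            result["review"].append(name)
        elif risk == "High":
            result["high"].append(name)
        if len(lics) > 1:
            result["multi"].append(name)
        if not (row.get("Copyrights") or "").strip() and not (row.get("Notice") or "").strip():
            result["no_attr"].append(name)
    return result


if __name__ == "__main__":
    for bucket, names in triage(parse_export(SAMPLE_EXPORT)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Libraries that land in the `review` bucket are the ones to open in the OS Inventory and resolve with Assign License; those in `no_attr` are candidates for Assign/Override Copyright or Add Notice before the Attribution Report is generated.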

Manual License Type Assignment for Libraries

In the OS Inventory view, you can also mark a library as Proprietary or Commercial. This provides more flexibility to manage your software inventory more precisely, ensuring better compliance and governance for both open-source and non-open-source libraries.

Note: Marking a library as Proprietary or Commercial overrides the license Mend detected for it, and, like all license changes, applies at the organization level (see the note at the top of this page). You can revert to the original license assignment as detected by Mend.

Mark Library as Proprietary
image-20250512-225633.png
  1. Select the library you would like to mark as Proprietary.

  2. Click the Actions button in the top right of the OS Inventory table.

  3. Select Mark as Proprietary. The wizard requires you to add a comment.

  4. Click Mark as Proprietary.

image-20250512-225852.png
  5. To see the list of libraries that were marked as Proprietary, navigate to the Proprietary view in the left-pane menu (image-20250512-230440.png). To revert an existing assignment, select the library and click Mark as Open Source in the top left corner.

image-20250512-230334.png

