Legal and Compliance Workflows
Note: Changes to licenses, copyrights, or notices apply at the organization level, i.e., the new license/copyright/notice will show up on the library in every project/application in which it exists.
Overview
As a Legal Compliance Manager, you may want to easily identify applications and projects with the most critical licensing risks and investigate areas where licenses are unidentified, to ensure the organization’s compliance with licensing requirements efficiently and effectively.
Notable Features
A Legal section in the left navigation menu, completely separating between open-source libraries, proprietary (in-house) libraries and commercial libraries.
Visit the OS Inventory page for your project or application’s Software Bill of Materials (SBOM).License Side Panel - A dedicated side panel for license-related details to improve accessibility and clarity.
Comments - Users can add, view, and manage comments within the legal workflow, ensuring efficient collaboration and tracking.
Navigation - Context-focused and action-oriented navigation.
Getting it done
The Legal section is available on the left-pane menu in the context of an Application or a Project:

Three pages are available to you within the Legal section:
OS Inventory - SBOM and Attribution data.
Proprietary - Proprietary licenses only.
Commercial - Commercial licenses only.
The OS Inventory Table
The OS Inventory table provides a comprehensive view of libraries and their associated licenses, copyrights, and dependencies for efficient management of the open-source inventory.

OS Inventory Columns
Library – Displays the library name. Note that if a library has multiple licenses, they will be grouped together and displayed in the relevant line under the Licenses column.
Project – Displays the project name when viewed at the application level.
License Risk – Displays the license risk icon, reflecting the risk category (Low, Medium, High, Unknown, Requires Review) and score.
Licenses – Displays associated licenses.
Copyrights – Displays available copyrights, with an override option.
Notice – Displays available notices, with an override option.
Language – Displays the programming language of the library.
Dependency – Displays the dependency type (Direct, Transitive, Direct/Transitive).
Author - Displays the library’s author’s name. Hidden by default.
Library Location - Displays the library location path. Hidden by default.
When multiple locations exist, one is displayed in the table while the rest are displayed in the tooltip.Selection - You can toggle the option to include or exclude a library in the Attribution Report.

OS Inventory Actions
Multi-Select Actions
Select multiple libraries using the checkboxes on the left to perform bulk :

Available Bulk actions include:
Mark as Proprietary
Include in (Attribution) Report
Exclude from (Attribution) Report
Single Library Actions

Assign License – Clicking this action opens the Assign License wizard:
Assign/Override Copyright – Clicking this action opens the Assign Copyright wizard:
Add Notice - Clicking this action opens the Add Notice wizard:
Mark as Proprietary - Clicking this action opens the Mark as Proprietary wizard:
Mark as Commercial – Clicking this action opens the Mark as Commercial wizard:
Include in (Attribution) Report
Exclude from (Attribution) Report
Create Report - When no libraries are selected, the Create Report button (
) will be visible above the upper-right corner of the table. Clicking it will open the Create Report wizard, allowing you to generate both Dependencies Attribution and Dependencies SBOM reports:
Export to CSV - Clicking the Export to CSV button (
) will export the data to a .CSV file. Note that copyrights and notices are exported as text.
Manual License Type Assignment for Libraries
In the OS Inventory view, you can also mark a library as Proprietary or Commercial. This provides more flexibility to manage your software inventory more precisely, ensuring better compliance and governance for both open-source and non-open-source libraries.
Note: Assigning a Proprietary or Commercial license to a library will override Mend’s license assignments at the organization level. You can revert to the original license assignment as detected by Mend.
Mark Library as Proprietary

Select the Library you would like to mark as Proprietary.
Click on the Actions button in the top right of the OSS List table.
Select Mark as Proprietary. The wizard will require a comment to be added.
Click Mark as Proprietary.

To see the list of libraries that were marked as Proprietary, navigate to the Proprietary view in the left pane table menu (
). To revert an existing assignment, you should select the library and click on Mark as Open Source in the top left corner.
