Mend Support for Third-Party Commercial and Proprietary Components
Overview
Proprietary software is software distributed to authorized users under a licensing agreement that places restrictions on private modification, copying, and redistribution. Only the original authors of proprietary software can access, copy, and alter it. An end user is not actually purchasing the software, but the right to use it.
On top of identifying open-source components, Mend.io detects a variety of third-party commercial and proprietary licenses.
Component Detection
Mend.io supports the detection of some commercial libraries via HeroDevs.
License Detection
Mend.io categorizes each license into Open Source, Commercial or Proprietary, with support for hundreds of different open and proprietary license types. You also have the option to mark a library as proprietary or commercial via the Mend AppSec Platform UI.
The Due Diligence report allows users to generate a list of components by license type, distinguish between open-source and non-open-source licenses, and view additional compliance-related metadata.