Can Mend track OSS licenses of third-party libraries? How can your solution support enforcement of OSS licensing policies?
Yes, as long as the libraries are scanned in the same form in which they are published in the respective OSS repository.
The policy mechanism allows configuration of multiple policies (for licensing, vulnerabilities and other library properties). A policy violation triggers an alert (both in the dashboard and as an email notification) and each policy can be configured to either fail a pipeline build or not.
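As an added illustration (not Mend's own configuration format or API), the following Python models the policy mechanism described above: several policies over license and vulnerability properties, each raising an alert on violation and each flagged to fail the build or only to notify. The component inventory, policy names and thresholds are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed component inventory, in the shape a dependency scanner might report.
COMPONENTS = [
    {"name": "liba", "version": "1.2.0", "license": "MIT", "max_cvss": 0.0},
    {"name": "libb", "version": "0.9.1", "license": "GPL-3.0", "max_cvss": 0.0},
    {"name": "libc", "version": "2.0.0", "license": "Apache-2.0", "max_cvss": 9.8},
]


@dataclass
class Policy:
    name: str
    violates: Callable[[dict], bool]  # True when the component breaks the policy
    fail_build: bool                  # alert only, or alert and fail the pipeline


@dataclass
class Violation:
    policy: str
    component: str
    fail_build: bool


def license_in(denied: set) -> Callable[[dict], bool]:
    return lambda c: c["license"] in denied


def license_not_in(approved: set) -> Callable[[dict], bool]:
    return lambda c: c["license"] not in approved


def cvss_at_least(threshold: float) -> Callable[[dict], bool]:
    return lambda c: c["max_cvss"] >= threshold


# Hypothetical policy set: two blocking policies and one review-only policy.
POLICIES = [
    Policy("Copyleft license not allowed", license_in({"GPL-3.0", "AGPL-3.0"}), True),
    Policy("Critical vulnerability", cvss_at_least(9.0), True),
    Policy("License needs legal review", license_not_in({"MIT", "Apache-2.0"}), False),
]


def evaluate(components: list, policies: list) -> list:
    """Return one Violation per (component, policy) pair that is violated."""
    return [Violation(p.name, f'{c["name"]}@{c["version"]}', p.fail_build)
            for c in components for p in policies if p.violates(c)]


def build_should_fail(violations: list) -> bool:
    return any(v.fail_build for v in violations)


if __name__ == "__main__":
    found = evaluate(COMPONENTS, POLICIES)
    for v in found:  # each violation would become a dashboard/email alert
        print(f"ALERT [{v.policy}] {v.component} (fails build: {v.fail_build})")
    raise SystemExit(1 if build_should_fail(found) else 0)
```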