Libraries matched by "Exact Match" are missing License or Copyright Information


While checking the inventory report we often stumble upon ‘Exact Match’ libraries that are also in status ‘Requires Review’ as the associated license information is missing.

 



It's important to know that it’s not unusual to have an ‘Exact Match’ for a library that has no license information.
The role of the Exact Match is not to indicate if a library’s associated information is known or unknown to WhiteSource.
This label only means that the application populated the library in the inventory based on its SHA1 (because, inside the application, a SHA1 match is considered an ‘Exact’ match).


Therefore the ‘Exact Match’ label does not determine if a library should have a known license. The missing license information can have multiple causes:

  • the library is proprietary -> should be marked as in-house

  • the library is commercial

  • the library has a SHA1 that was not found in our database

In this case, whether or not the library is an ‘Exact Match’, you should require a license review to be performed for that library.