
Configure Forbidden Licenses


BoostSecurity can alert you when your projects use third-party packages with forbidden licenses. It inspects your SBOM inventories to check package licenses against your organization's policies and raises alerts for violations.


Prerequisites


To enable the license alerts, you need to:

  • Generate SBOM inventories.
  • Enable the BoostSecurity scanner.
  • Create policies that define the forbidden licenses and actions to take.

How to Create License Check Policies


Policies define the actions to take when forbidden licenses are detected and specify which licenses are considered forbidden for your organization. For example, a policy can send a Slack message or fail a build when a forbidden license is found.

To create a policy for forbidden licenses, follow these instructions:

  1. Navigate to the Policy page.
  2. Click on the New Policy button located at the top-right corner of the page.

    New Policy

  3. Add a Policy name, e.g., Forbidden License, and a Description.

  4. Select a default action for the rule. Available actions include:

    • Fail the check
    • Add a comment to the PR
    • Generate AI Remediation
    • Send a notification
    • Create a ticket
    • Drop
    • Do not notify developers (the default when no action is selected)

    Note

    The Generate AI Remediation action only returns results when the Add a comment to the PR action is also selected on the same policy.

  5. Add rules to the policy by clicking the Add Rule button.

    Add Rules

  6. Click the Add Action button, then select Vulnerability Class as the rule category and set it to the Use of Forbidden License. Also, select a corresponding condition to perform if the rule category is triggered.

    Define Rule

  7. Configure the Scanner:

    • Click on the Scanners tab next.
    • Select the BoostSecurity Scanner. Select only the Use of Forbidden Licenses rule group and deselect the other rule groups under the scanner, so the policy fires on license findings alone.

    Search License Scanner

  8. Next, move to the Components tab and select OSS licenses.

    • Set the Selection Type to Denied Licences and pick the licenses to forbid from the list of available licenses. Every component whose declared license is in this list will trigger the policy.

    Select Licenses

  9. Click on Save to save the policy and the configured settings.
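To make concrete what the saved policy does at scan time, here is an added example of a deny-list license check over a CycloneDX SBOM. It is illustrative code written for this page, not BoostSecurity's scanner or any of its APIs; the sample SBOM, the `DENIED` set, the small name-to-SPDX mapping and the handling of dual-licensed and unlicensed components are all assumptions made here. It returns a non-zero exit status when a forbidden license is found, which is the behaviour the Fail the check action produces.

```python
"""Deny-list license check over a CycloneDX SBOM (added illustration, not BoostSecurity code)."""
from __future__ import annotations

import json
import re

# Constructed sample SBOM (CycloneDX 1.5 JSON). Not a real inventory.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "readline", "version": "8.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        # Dual-licensed component expressed as an SPDX expression.
        {"type": "library", "name": "dual-lib", "version": "1.0.0",
         "licenses": [{"expression": "MIT OR AGPL-3.0-only"}]},
        # Free-text license name instead of an SPDX id.
        {"type": "library", "name": "legacy-lib", "version": "0.9",
         "licenses": [{"license": {"name": "GNU General Public License v2"}}]},
        # No license metadata at all.
        {"type": "library", "name": "mystery", "version": "1.2.3"},
    ],
})

# Assumed deny list; stands in for the "Denied Licences" selection in the policy.
DENIED = {"GPL-3.0-only", "AGPL-3.0-only", "GPL-2.0-only"}

# Assumed mapping of free-text names onto SPDX ids; a real scanner carries a far larger table.
NAME_TO_SPDX = {"gnu general public license v2": "GPL-2.0-only"}

# Split an SPDX expression on OR / AND and parentheses; "WITH <exception>" is stripped per token.
_EXPR_SPLIT = re.compile(r"\s+(?:OR|AND)\s+|[()]", re.IGNORECASE)
_WITH_SPLIT = re.compile(r"\s+WITH\s+", re.IGNORECASE)


def licenses_of(component: dict) -> list[str]:
    """Return the license identifiers declared for one component, or [] if none are declared."""
    found: list[str] = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            for tok in _EXPR_SPLIT.split(entry["expression"]):
                tok = tok.strip()
                if tok:
                    found.append(_WITH_SPLIT.split(tok)[0])
        elif "license" in entry:
            lic = entry["license"]
            if "id" in lic:
                found.append(lic["id"])
            elif "name" in lic:
                found.append(NAME_TO_SPDX.get(lic["name"].lower(), lic["name"]))
    return found


def check_sbom(sbom_json: str, denied: set[str]) -> tuple[dict[str, list[str]], list[str]]:
    """Return (violations, unknown): 'name@version' -> denied ids hit, and components with no license."""
    violations: dict[str, list[str]] = {}
    unknown: list[str] = []
    for comp in json.loads(sbom_json).get("components", []):
        key = f"{comp.get('name')}@{comp.get('version')}"
        ids = licenses_of(comp)
        if not ids:
            # Assumed design choice: a missing license is not "allowed"; surface it for triage.
            unknown.append(key)
            continue
        # Assumed design choice: any denied id in an OR expression counts, so a dual-licensed
        # package is flagged even if the other option is acceptable. Review such hits manually.
        hits = sorted(set(ids) & denied)
        if hits:
            violations[key] = hits
    return violations, unknown


def run(sbom_json: str, denied: set[str]) -> int:
    """Print findings and return 1 on any forbidden license, else 0 (mirrors 'Fail the check')."""
    violations, unknown = check_sbom(sbom_json, denied)
    for pkg, hits in sorted(violations.items()):
        print(f"FORBIDDEN LICENSE: {pkg} -> {', '.join(hits)}")
    for pkg in unknown:
        print(f"NO LICENSE DECLARED: {pkg} (review manually)")
    return 1 if violations else 0


if __name__ == "__main__":
    raise SystemExit(run(SAMPLE_SBOM, DENIED))
```

Two details worth carrying into your own policy review: a component with no license metadata is reported separately rather than silently passing, and a dual-licensed component is flagged if any of its options is denied, which is conservative and may produce findings you choose to accept after a manual check.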


FAQs


How to update the BoostSecurity Scanner Forbidden Licenses List


To update the list of forbidden licenses in your organization:

  1. Navigate to the Policy page and click on the saved policy for forbidden licenses.
  2. Click on the "Components" tab.
  3. Select or deselect unauthorized licenses to update your configured settings.

    Edit Licenses

  4. Finally, click the Save button to update the list of forbidden licenses on the policy.