License Scanning

AquilaX License Scanning Compliance Process

This documentation describes the AquilaX compliance process for detecting and handling license mismatch violations in software projects. The process is powered by the AquilaX GenAI Application Security Platform, which uses AI to make license compliance checks comprehensive and efficient.

Objective

To automate and streamline license scanning using AquilaX's platform, identifying mismatched or incompatible licenses across all project dependencies to ensure compliance with organizational and legal standards.

Process Overview

1. Initialization

The license scanning module in AquilaX begins by integrating with your project's repository, extracting all declared and transitive dependencies, and identifying associated licenses.

2. License Policy Definition

AquilaX allows organizations to define license compliance policies, which include:

  • Approved licenses (e.g., MIT, Apache 2.0).

  • Restricted or incompatible licenses (e.g., AGPL, proprietary licenses).

  • Exceptions based on use cases or environments.

3. Scanning Process

The scanning process includes:

  1. Dependency Detection: Parsing dependency manifests (e.g., package.json, pom.xml, requirements.txt) and lockfiles.

  2. License Identification: Mapping dependencies to their respective licenses via SPDX metadata or project-specific files.

  3. Policy Matching: Comparing each dependency license against the defined compliance policy.

  4. Violation Reporting: Flagging mismatched licenses and providing detailed violation reports.
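The policy definition and the four scanning steps above, carried through end to end as an added example. This is illustrative code written for this page, not AquilaX's own implementation: the manifest, lockfile pins, SPDX metadata and policy are all constructed inline, and the package names and licenses are assumptions chosen to exercise each branch (approved, restricted with an environment exception, and a dependency with no discoverable license).

```python
"""
Added example (not AquilaX's code): a minimal license-policy checker that walks
the four scanning steps (dependency detection, license identification, policy
matching, violation reporting). All inputs below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed policy in the shape the text describes: approved licenses,
# restricted licenses, and exceptions scoped to an environment.
POLICY = {
    "approved": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "restricted": {"AGPL-3.0-only", "Proprietary"},
    # Exception keyed by package: a restricted license tolerated only in
    # the named environments (e.g. a dev-only tool that never ships).
    "exceptions": {"agpl-reporting-tool": {"development"}},
}

# Constructed requirements.txt-style manifest and lockfile pins (hypothetical packages).
MANIFEST = """
# constructed sample manifest
requests>=2.0
agpl-reporting-tool
closed-sdk==1.4.2
left-pad
"""
LOCKFILE = {"requests": "2.31.0", "agpl-reporting-tool": "0.9.1",
            "closed-sdk": "1.4.2", "left-pad": "1.3.0"}

# Constructed SPDX-style license metadata keyed by package name.
# 'left-pad' is deliberately absent to exercise the unknown-license path.
SPDX_METADATA = {
    "requests": "Apache-2.0",
    "agpl-reporting-tool": "AGPL-3.0-only",
    "closed-sdk": "Proprietary",
}


@dataclass
class Violation:
    package: str
    version: str
    license: str
    reason: str


def parse_requirements(text: str) -> List[str]:
    """Step 1 (dependency detection): pull package names out of a manifest."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Cut the line at the first version-specifier or extras character.
        names.append(re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0].lower())
    return names


def identify_license(package: str, metadata: Dict[str, str]) -> str:
    """Step 2 (license identification): map a package to an SPDX id, or UNKNOWN."""
    return metadata.get(package, "UNKNOWN")


def check_policy(package: str, license_id: str, environment: str, policy: dict) -> Optional[str]:
    """Step 3 (policy matching): return a violation reason, or None if compliant."""
    if license_id in policy["approved"]:
        return None
    if license_id in policy["restricted"]:
        if environment in policy["exceptions"].get(package, set()):
            return None  # covered by a use-case/environment exception
        return f"restricted license {license_id}"
    # Fail closed: a license that is unknown or simply not approved is a finding.
    return f"license {license_id} not in approved list"


def scan(manifest: str, lockfile: Dict[str, str], policy: dict,
         metadata: Dict[str, str], environment: str = "production") -> List[Violation]:
    """Step 4 (violation reporting): run every step and collect the findings."""
    violations = []
    for pkg in parse_requirements(manifest):
        lic = identify_license(pkg, metadata)
        reason = check_policy(pkg, lic, environment, policy)
        if reason:
            violations.append(Violation(pkg, lockfile.get(pkg, "unpinned"), lic, reason))
    return violations


def report(violations: List[Violation]) -> str:
    """Render the findings as one line per violation."""
    lines = [f"{v.package}=={v.version}: {v.license} -> {v.reason}" for v in violations]
    return "\n".join(lines) if lines else "no license violations"


if __name__ == "__main__":
    print("--- production ---")
    print(report(scan(MANIFEST, LOCKFILE, POLICY, SPDX_METADATA)))
    print("--- development ---")
    print(report(scan(MANIFEST, LOCKFILE, POLICY, SPDX_METADATA, environment="development")))
```

Two design points worth noting: the checker fails closed, so a dependency whose license cannot be identified is reported rather than silently passed, and exceptions are scoped to an environment so that a restricted license tolerated in a development-only tool is still flagged when the same manifest is evaluated for production.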

4. Remediation

AquilaX provides:

  • Suggested remediation steps for replacing non-compliant libraries.

  • Automated license override workflows where applicable.


Last updated 5 months ago
