GitLab Documentation

GitLab Licensing and Compatibility

GitLab CE is licensed under the terms of the MIT License. GitLab EE is licensed under "The GitLab Enterprise Edition (EE) license" wherein there are more restrictions. See their respective LICENSE files (CE, EE) for more information.

Automated Testing

In order to comply with the terms the libraries we use are licensed under, we have to make sure to check new gems for compatible licenses whenever they're added. To automate this process, we use the license_finder gem by Pivotal. It runs every time a new commit is pushed and verifies that all gems in the bundle use a license that doesn't conflict with the licensing of either GitLab Community Edition or GitLab Enterprise Edition.

There are some limitations with the automated testing, however. CSS and JavaScript libraries, as well as any Ruby libraries not included by way of Bundler, must be verified manually and independently. Take care whenever one such library is used, as automated tests won't catch problematic licenses from them.

Some gems may not include their license information in their gemspec file. These won't be detected by License Finder, and will have to be verified manually.

License Finder commands

There are a few basic commands License Finder provides that you'll need in order to manage license detection.

To verify that the checks are passing, and/or to see what dependencies are causing the checks to fail:

bundle exec license_finder

To whitelist a new license:

license_finder whitelist add MIT

To blacklist a new license:

license_finder blacklist add GPLv2

To tell License Finder about a dependency's license if it isn't auto-detected:

license_finder licenses add my_unknown_dependency MIT

For all of the above, please include --why "Reason" and --who "My Name" so the decisions.yml file can keep track of when, why, and who approved of a dependency.

More detailed information on how the gem and its commands work is available in the License Finder README.

Acceptable Licenses

Libraries with the following licenses are acceptable for use:

Unacceptable Licenses

Libraries with the following licenses are unacceptable for use:

Requesting Approval for Licenses

Libraries that are not listed in the Acceptable Licenses or Unacceptable Licenses list can be submitted to the legal team for review. Please email legal@gitlab.com with the details. After a decision has been made, the original requestor is responsible for updating this document.

Notes

Decisions regarding the GNU GPL licenses are based on information provided by The GNU Project, as well as the Open Source Initiative, which both state that linking GPL libraries makes the program itself GPL.

If a gem uses a license which is not listed above, open an issue and ask. If a license is not included in the "acceptable" list, operate under the assumption that it is not acceptable.

Keep in mind that each license has its own restrictions (typically defined in their body text). Please make sure to comply with those restrictions at all times whenever an external library is used.

Gems which are included only in the "development" or "test" groups by Bundler are exempt from license requirements, as they're not distributed for use in production.

NOTE: This document is not legal advice, nor is it comprehensive. It should not be taken as such.