GitLab Community Edition (CE) is licensed under the terms of the MIT License. GitLab Enterprise Edition (EE) is licensed under “The GitLab Enterprise Edition (EE) license” wherein there are more restrictions.
In order to comply with the terms the libraries we use are licensed under, we have to make sure to check new gems for compatible licenses whenever they’re added. To automate this process, we use the license_finder gem by Pivotal. It runs every time a new commit is pushed and verifies that all gems and node modules in the bundle use a license that doesn’t conflict with the licensing of either GitLab Community Edition or GitLab Enterprise Edition.
vendor directory), must be verified manually and independently. Take care whenever one such library is used, as automated tests won’t catch problematic licenses from them.
Some gems may not include their license information in their
gemspec file, and some node modules may not include their license information in their
package.json file. These won’t be detected by License Finder, and will have to be verified manually.
Note: License Finder currently uses GitLab misused terms of
blacklist. As a result, the commands below reference those terms. We’ve created an issue on their project to propose that they rename their commands.
There are a few basic commands License Finder provides that you’ll need in order to manage license detection.
To verify that the checks are passing, and/or to see what dependencies are causing the checks to fail:
bundle exec license_finder
To allowlist a new license:
license_finder whitelist add MIT
To denylist a new license:
license_finder blacklist add Unlicense
To tell License Finder about a dependency’s license if it isn’t auto-detected:
license_finder licenses add my_unknown_dependency MIT
For all of the above, please include
--why "Reason" and
--who "My Name" so the
decisions.yml file can keep track of when, why, and who approved of a dependency.
More detailed information on how the gem and its commands work is available in the License Finder README.
Please see the Open Source page for more information on licensing.