License Management

Introduced in GitLab Ultimate 11.0.

Overview

If you are using GitLab CI/CD, you can search your project dependencies for their licenses using License Management, either by including the CI job in your existing .gitlab-ci.yml file or by implicitly using Auto License Management that is provided by Auto DevOps.

Going a step further, GitLab can show the list of licenses directly in the merge request widget area.

Use cases

License Management helps you find licenses that you don't want to use in your project and see which dependencies use them. For example, your application may be using an external (open source) library whose license is incompatible with yours.

Supported languages and dependency managers

The following languages and dependency managers are supported.

Language      Package managers
JavaScript    Bower, npm
Go            Godep, go get
Java          Gradle, Maven
.NET          Nuget
Python        pip
Ruby          gem

How it works

First of all, you need to define a job named license_management in your .gitlab-ci.yml file. Check what the license_management job should look like.

In order for the report to show in the merge request, there are two prerequisites:

  • the specified job must be named license_management
  • the resulting report must be named gl-license-management-report.json and uploaded as an artifact

The license_management job will search the application dependencies for licenses, the resulting JSON file will be uploaded as an artifact, and GitLab will then check this file and show the information inside the merge request.
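As an added example (not part of the GitLab documentation or GitLab's own code), the following Python sketch shows how a later pipeline step could read gl-license-management-report.json and fail when a dependency carries a license you do not want. The report layout used here (a "dependencies" list with "license" and "dependency" objects), the denied license names, and the function names find_violations and gate are assumptions made for illustration.

```python
import json

# Constructed sample report; the field layout is an assumption for this example.
SAMPLE_REPORT = json.dumps({
    "licenses": [{"count": 2, "name": "MIT"}, {"count": 1, "name": "GPL-3.0"}],
    "dependencies": [
        {"license": {"name": "MIT"}, "dependency": {"name": "left-pad"}},
        {"license": {"name": "MIT"}, "dependency": {"name": "rack"}},
        {"license": {"name": "GPL-3.0"}, "dependency": {"name": "example-lib"}},
        {"license": {}, "dependency": {"name": "no-license-lib"}},
    ],
})

def find_violations(report_text, denied, allow_unknown=False):
    """Return sorted (dependency, license) pairs that break the policy."""
    report = json.loads(report_text)
    denied_normalized = {name.strip().lower() for name in denied}
    violations = set()
    for entry in report.get("dependencies", []):
        dep = (entry.get("dependency") or {}).get("name") or "<unnamed>"
        lic = ((entry.get("license") or {}).get("name") or "").strip()
        if not lic or lic.lower() == "unknown":
            # No detected license means the dependency is not cleared for use.
            if not allow_unknown:
                violations.add((dep, "unknown"))
        elif lic.lower() in denied_normalized:
            violations.add((dep, lic))
    return sorted(violations)

def gate(path, denied):
    """Exit code for a CI step: 0 clean, 1 violations, 2 report unusable."""
    try:
        with open(path, encoding="utf-8") as handle:
            violations = find_violations(handle.read(), denied)
    except (OSError, ValueError):
        # Fail closed: a missing or malformed report is not evidence of compliance.
        return 2
    for dep, lic in violations:
        print(f"policy violation: {dep} uses {lic}")
    return 1 if violations else 0

if __name__ == "__main__":
    # Stand-alone demo on the constructed sample; in a pipeline you would call
    # gate("gl-license-management-report.json", ...) and exit with its result.
    for dep, lic in find_violations(SAMPLE_REPORT, {"GPL-3.0", "AGPL-3.0"}):
        print(f"policy violation: {dep} uses {lic}")
```

Treating a missing or unparsable report as a failure keeps a broken license_management job from silently passing the check.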

License Management Widget