One in Six Developers in Healthcare Report Open Source Breaches | Press Release

For Legal & Compliance Officers

Easily promote conformity with open source rules and regulations.

Smarter risk management professionals use Nexus solutions to eliminate open source risk.

Pillars of Open Source Compliance 

Transparency into binding open source licensing requirements before, during and after the software development process.

Avoiding copyright infringement by understanding "copyleft" legal obligations within third-party code.

Having a full Software Bill of Materials (SBOM) for shipped applications to prove third-party licensing obligations and copyright requirements.

Get your FREE Software Bill of Materials

Expert License Guidance at Your Fingertips

Comprehensive Database of Open Source License Obligations

The most comprehensive database of open source license obligations.

The Sonatype License Obligation Review tool (LORT) is a curated database of open source license obligations across multiple categories, types, and threat groups. LORT helps open source governance teams clearly understand their license obligations to better define policies.

License obligations and full license text in a single dashboard.

LORT displays all license obligations, including non-standard terms, copyright information, and commercial use restrictions, in a single view. Legal teams save the time otherwise spent manually reviewing every open source license to identify risk. LORT includes:

  • Every major open source license with the full license text.
  • Each obligation for a license no matter how obscure.
  • Easy-to-use searching for specific keywords (for example, which licenses have a “nuclear” exclusion).
  • Filters to sort licenses by License Threat Group (LTG), License Name, and Reviewed Status.

License Obligations Dashboard

Visibility for Legal Teams

Continuous updates provide visibility for legal teams.

LORT is continuously updated by the Sonatype Data Research team, providing lawyers with the reasoning behind the predefined license threat groups and policies within Nexus Lifecycle. By clearly understanding every license obligation, legal teams can use policies as is or create new ones based on their risk tolerance.

Continue Your DevSecOps Transformation Journey

Creditreform Case Study

How Others Automate Open Source Security

Creditreform uses the Nexus Platform to scale vulnerability detection.

SCA Solution Whitepaper

What To Consider When Selecting An SCA Solution

Read how your peers proactively control open-source use to better manage risk. 

Free Application Scan

See If Your Applications Are Secure

Use Nexus Vulnerability Scanner and find out if your open source has licensing requirements.

Ready to Try Nexus Products?

Sonatype, A Better Way to Build