Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

For Legal and Compliance Officers

Easily promote conformity with open source rules and regulations.

Legal_Page_Banner_Illustration

Smarter risk management professionals use Nexus solutions to eliminate open source risk.

Legal_Page_Banner_Illustration

Smarter risk management professionals use Nexus solutions to eliminate open source risk.

Smarter risk management professionals use Nexus solutions to eliminate open source risk.

Legal_Page_Banner_Illustration@4x

Smarter risk management professionals use Nexus solutions to eliminate open source risk.

Legal_Page_Banner_Illustration@4x

Pillars of Open Source Compliance 

Bar_Purple

Transparency into binding open source licencing requirements before, during and after the software development process.

Bar_Coral

Avoiding copyright infringement by understanding "copyleft" legal obligations within third-party code.

Bar_Azure

Having a full Software Bill of Materials (SBOM) for shipped applications to prove third-party licensing obligations and copyright requirements.

Get your FREE Software Bill of Materials

Get your FREE Software Bill of Materials

Comprehensive Database of Open Source License Obligations

The most comprehensive database of open source license obligations.

The Sonatype License Obligation Review tool (LORT) is a curated database of open source license obligations across multiple categories, types, and threat groups. LORT helps open source governance teams clearly understand their license obligations to better define policies.

Comprehensive Database of Open Source License Obligations

The most comprehensive database of open source license obligations.

The Sonatype License Obligation Review tool (LORT) is a curated database of open source license obligations across multiple categories, types, and threat groups. LORT helps open source governance teams clearly understand their license obligations to better define policies.

License obligations and full license text in a single dashboard.

LORT displays all license obligations including non-standard terms, copyright information, and commercial use restrictions in a single view. Legal teams save time from manually reviewing every open source license to identify risk. LORT includes:

  • Every major open source license with the full license text.
  • Each obligation for a license no matter how obscure.
  • Easy-to-use searching for specific keywords (for example, which licenses have a “nuclear” exclusion).
  • Filters to sort licenses by License Threat Group (LTG), License Name, and Reviewed Status.

License Obligations Dashboard

License Obligations Dashboard

License obligations and full license text in a single dashboard.

LORT displays all license obligations including non-standard terms, copyright information, and commercial use restrictions in a single view. Legal teams save time from manually reviewing every open source license to identify risk. LORT includes:

  • Every major open source license with the full license text.
  • Each obligation for a license no matter how obscure.
  • Easy-to-use searching for specific keywords (for example, which licenses have a “nuclear” exclusion).
  • Filters to sort licenses by License Threat Group (LTG), License Name, and Reviewed Status.

Dr. Nowack

“Manual processes were the norm for investigating each individual open source license. The team realized they needed to implement automated security management for licensing and governance across all development teams.”

Dr. Antje Nowack, Head of Research and Basic Concerns at Creditreform

Dr. Nowack

“Manual processes were the norm for investigating each individual open source license. The team realized they needed to implement automated security management for licensing and governance across all development teams.”

Dr. Antje Nowack, Head of Research and Basic Concerns at Creditreform

Continue Your DevSecOps Transformation Journey

Creditreform Case Study

How Others Automate Open Source Security

Creditreform uses the Nexus platform to scale vulnerability detection.

SCA Solution Whitepaper

What to Consider When Selecting an SCA Solution

Read how your peers proactively control opensource use to better manage risk. 

Free Application Scan

Are Your Applications Secure?

Use Nexus Vulnerability Scanner and find out if your open source has licencing requirements. 

Ready to Try Nexus Products?

Sonatype, A Better Way to Build