License Studio
Override license and copyright metadata on components, with automatic propagation via Impact Analysis.
License Studio lets you manually override the license and copyright metadata that Xray detects on any component. When automatic detection is incomplete or incorrect, you can add, remove, or replace licenses and set copyright notices. Xray then uses Impact Analysis to propagate those changes to every artifact that contains the component.
Use Case
Open-source components sometimes ship without a clear license declaration, or Xray's automated scanners may identify a license that doesn't match the actual terms. Similarly, copyright strings embedded in source files can be missing or outdated. License Studio addresses both scenarios:
- License Editing: Add a known license to a component (single or bulk), or remove an incorrectly assigned license. Xray validates the license name against its full license database before accepting the change.
- Copyright Editing: Replace the set of copyright notices attached to a component. This requires the SBOM capability to be enabled on the Xray instance.
Once a change is saved, Xray runs a targeted Impact Analysis pass: it resolves every scanned resource that includes the component and re-evaluates license-compliance policies against them. This means your policies, watches, and reports reflect the corrected metadata without a full re-scan.
How-To: Via the UI
- In the Xray scan results, click the SBOM tab.
- In the SBOM tab, click a component to open the Component Details right pane.
- In the Component Details right pane, click the Edit License or Edit Copyright icon.
How-To: Via the API
Add a License to a Single Component
POST /api/v1/licenses
Content-Type: application/json

{
  "component": {
    "package_id": "npm://lodash",
    "version": "4.17.21"
  },
  "license": {
    "name": "MIT",
    "full_name": "MIT License"
  }
}

Add a License to Multiple Components (Bulk)
POST /api/v1/licenses/bulk
Content-Type: application/json

{
  "components": [
    { "package_id": "npm://lodash", "version": "4.17.21" },
    { "package_id": "npm://express", "version": "4.18.2" }
  ],
  "license": {
    "name": "MIT",
    "full_name": "MIT License"
  }
}

Delete a License from a Component
DELETE /api/v1/licenses?component_id=<component_id>&license=<license_name>
Set Copyrights on a Component
POST /ui/copyrights
Content-Type: application/json

{
  "component_id": "npm://lodash:4.17.21",
  "copyrights": [
    "Copyright (c) JS Foundation and other contributors"
  ]
}

Note: All license and copyright changes trigger Impact Analysis automatically. There is no separate step required to propagate the updated metadata.
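The following is an added example, not part of the JFrog documentation: it turns a reviewed list of license decisions into the requests shown above, issuing removals first and grouping additions so that components sharing a license go through the bulk endpoint. The host, the row format, the `example-pkg` entry, and the use of the `<package_id>:<version>` form for the DELETE `component_id` are assumptions; authentication headers are omitted and nothing is sent.

```python
import json
from collections import defaultdict
from urllib.parse import urlencode
from urllib.request import Request

BASE_URL = "https://xray.example.com"  # assumption: placeholder host

# Constructed sample of reviewed decisions (not real findings).
SAMPLE = [
    {"package_id": "npm://lodash", "version": "4.17.21", "add": ("MIT", "MIT License")},
    {"package_id": "npm://express", "version": "4.18.2", "add": ("MIT", "MIT License")},
    {"package_id": "npm://example-pkg", "version": "1.0.0",
     "remove": "GPL-3.0", "add": ("Apache-2.0", "Apache License 2.0")},
]

def component_id(package_id, version):
    # Assumption: "<package_id>:<version>", as in the page's copyright example.
    return f"{package_id}:{version}"

def plan_overrides(reviewed, base_url=BASE_URL):
    """Return unsent Request objects: removals first, then grouped additions."""
    requests, adds = [], defaultdict(list)
    for row in reviewed:
        comp = {"package_id": row["package_id"], "version": row["version"]}
        if row.get("remove"):
            # component_id contains ':' and '/', so it must be percent-encoded.
            query = urlencode({"component_id": component_id(**comp),
                               "license": row["remove"]})
            requests.append(Request(f"{base_url}/api/v1/licenses?{query}",
                                    method="DELETE"))
        if row.get("add"):
            adds[row["add"]].append(comp)
    for (name, full_name), comps in adds.items():
        lic = {"name": name, "full_name": full_name}
        if len(comps) == 1:
            path, body = "/api/v1/licenses", {"component": comps[0], "license": lic}
        else:
            path, body = "/api/v1/licenses/bulk", {"components": comps, "license": lic}
        requests.append(Request(base_url + path, data=json.dumps(body).encode(),
                                headers={"Content-Type": "application/json"},
                                method="POST"))
    return requests

if __name__ == "__main__":
    for req in plan_overrides(SAMPLE):
        print(req.get_method(), req.full_url, (req.data or b"").decode())
```

Printing the plan before sending it gives reviewers a record of exactly which overrides will change policy evaluation once Impact Analysis runs.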
