Introducing License Scan

Michael Lubas, 2024-02-14

can now manage open source license compliance for Elixir applications. If your business regulates which licenses are allowed, or simply requires that this information be recorded, now automates this work. This release also has a welcome side effect: a dependency inventory can be obtained at compile time instead of at runtime.

Consider the following use cases:

  1. GPL licensed software is not allowed in an organization.
  2. A highly regulated business is required to track open source license information.
  3. An engineering team wants to fetch dependency information at compile time rather than at runtime.

Application Secure can now alert on specific license violations. Here is an example where the alert is shown to developers via the GitHub App:

The Overview page shows when the most recent License Scan was run, along with the top 3 results. You may notice that the number of libraries differs between App Audit and License Scan. This is because App Audit is a runtime inventory: it collects information about the environment (Elixir version, Erlang libraries) when the application starts up, so it sees libraries that are not Hex dependencies of the project. That runtime requirement may be an issue for some teams, since the application has to be started before the inventory exists. License Scan can fetch this information at compile time.

The License Scan page shows a detailed record of each dependency, its version, and the relevant license. In some cases one library carries multiple licenses; bcrypt_elixir, for example, is licensed under both Apache-2.0 (the Elixir code) and BSD-4-Clause (the bundled bcrypt C code), so a policy check has to consider every license a dependency declares, not just the first.
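The two points above, a dependency inventory taken at compile time rather than from a running application and a dependency that declares more than one license, can be seen in a small script. The following is an added example written for this page; it is not code from the original post or from the product it describes. It relies only on the hex_metadata.config file that Hex writes into each fetched dependency under deps/ (a real artifact of `mix deps.get`), so nothing needs to be started. The license policy (reject anything mentioning GPL), the fallback sample inventory, and the package versions in it are constructed for illustration.

```elixir
# Added example, not the product's own code. Builds a dependency and license
# inventory at build time from the hex_metadata.config file that Hex writes into
# each fetched dependency under deps/, then flags licenses a hypothetical policy
# forbids. Run from a project root after `mix deps.get`:  elixir license_inventory.exs
# Outside a project it falls back to a constructed sample inventory.
defmodule LicenseInventory do
  @moduledoc false

  @doc """
  Walks deps_root/*/hex_metadata.config and returns a list of
  %{name: binary, version: binary, licenses: [binary]} maps.
  Nothing is started, so this runs at build time rather than at application start.
  Git and path dependencies have no hex_metadata.config and are therefore absent.
  """
  def inventory(deps_root \\ "deps") do
    deps_root
    |> Path.join("*/hex_metadata.config")
    |> Path.wildcard()
    |> Enum.flat_map(fn path ->
      case :file.consult(String.to_charlist(path)) do
        {:ok, terms} -> [from_terms(terms)]
        {:error, _reason} -> []
      end
    end)
    |> Enum.sort_by(& &1.name)
  end

  @doc """
  Converts the term list returned by :file.consult/1 into an inventory entry.
  hex_metadata.config holds one Erlang term per line, e.g.
      {<<"licenses">>,[<<"Apache-2.0">>,<<"BSD-4-Clause">>]}.
  so keys and values arrive as binaries (Elixir strings).
  """
  def from_terms(terms) do
    get = fn key ->
      case List.keyfind(terms, key, 0) do
        {^key, value} -> value
        nil -> nil
      end
    end

    %{
      name: get.("name"),
      version: get.("version"),
      # A package may declare several licenses; bcrypt_elixir, for example, lists
      # Apache-2.0 for the Elixir code and BSD-4-Clause for the bundled bcrypt C code.
      licenses: get.("licenses") || []
    }
  end

  @doc """
  Returns one %{name:, version:, license:} per (dependency, license) pair that the
  policy rejects. Every declared license is checked, not just the first one.
  The default matcher is deliberately broad: any license string containing "GPL"
  (GPL, AGPL, LGPL, "GPLv2", ...) trips it, because license strings in hex metadata
  are free text and not always SPDX identifiers. Narrow `denied?` to your own
  policy, for example if LGPL is acceptable in your organization.
  """
  def violations(inventory, denied? \\ &String.contains?(String.upcase(&1), "GPL")) do
    for dep <- inventory,
        license <- dep.licenses,
        denied?.(license),
        do: %{name: dep.name, version: dep.version, license: license}
  end

  @doc "Constructed sample in the shape :file.consult/1 returns; versions are illustrative."
  def demo_inventory do
    [
      [{"name", "bcrypt_elixir"}, {"version", "3.0.0"}, {"licenses", ["Apache-2.0", "BSD-4-Clause"]}],
      [{"name", "plug"}, {"version", "1.0.0"}, {"licenses", ["Apache-2.0"]}],
      [{"name", "hypothetical_gpl_lib"}, {"version", "0.1.0"}, {"licenses", ["GPL-3.0-or-later"]}]
    ]
    |> Enum.map(&from_terms/1)
  end
end

inventory =
  if File.dir?("deps"),
    do: LicenseInventory.inventory("deps"),
    else: LicenseInventory.demo_inventory()

for %{name: name, version: version, licenses: licenses} <- inventory do
  IO.puts("#{name} #{version}: #{Enum.join(licenses, ", ")}")
end

case LicenseInventory.violations(inventory) do
  [] ->
    IO.puts("license policy: OK")

  bad ->
    for %{name: name, version: version, license: license} <- bad do
      IO.puts("license violation: #{name} #{version} (#{license})")
    end

    # A non-zero exit fails the CI job, the same effect the GitHub App alert has on a PR.
    System.halt(1)
end
```

Because the inventory is read from files on disk, the script works in a CI step right after `mix deps.get`, before anything is compiled or started, which is the compile-time property the post describes. The trade-off is the one the post also notes: a file-based inventory does not see the Elixir and Erlang/OTP versions or the Erlang libraries present at runtime, so it is a record of declared Hex dependencies, not of the running system.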

Open source license compliance is a task that most engineers would prefer to automate and complete as quickly as possible. makes this simple. stops data breaches by securing your Elixir and Phoenix apps. Detect and fix critical security issues today.
