LICENSE COMPLIANCE
Know your open-source license risk.
See every license in your dependencies, find the copyleft and unknown ones before an auditor does, and ship the whole inventory inside your SBOM.
Every license, across the whole tree
Licenses hide across hundreds of direct and transitive packages. ZeroPath resolves the full tree, reads each package's license, and sorts them by risk, so a GPL or AGPL package three levels down cannot surprise you during an acquisition or a customer review.
- Direct and transitive licenses across 35+ ecosystems
- Sorted into permissive, weak copyleft, and strong copyleft
- A missing license reads as missing, never as a clean bill

From inventory to audit-ready
License visibility, risk classification, and a standards-format SBOM, all from the scans you already run.
- Every direct and transitive dependency's license, the license your own manifests declare, and a clear list of the packages that ship none.
- GPL and AGPL surface as strong copyleft, LGPL and MPL as weak copyleft, MIT and Apache as permissive, so the licenses worth a look stand out.
- Each component's license travels with it in a CycloneDX, SPDX, or VEX export, ready for auditors, customers, and acquirers.
Part of Supply Chain
One scan, your whole supply chain
License compliance rides the same SCA scan as your dependency vulnerabilities, reachability, and SBOM, so there is nothing extra to run.