Licenses are managed in the Admin module under Configuration | Licenses.
You can add a new license by clicking New or edit the information for a license by selecting its License Key in the list.
Artifactory comes preconfigured with all the common OSI licenses and JFrog has already tuned these licenses against common project builds.
By selecting Export, you can also export the license list and import it later on to new Artifactory instances.
|A unique identifier for this license in Artifactory|
|A description of the license|
|The URL that describes the terms of the license|
The regular expression by which to match the license (by comparing it to license information in module files).
|When set, this license is approved which means you allow the use of components that come with this license.|
When you run a build from your CI server (Hudson, TeamCity or Bamboo), configure the Artifactory Plugin to run license checks as part of the build.
Below is a sample section from the Hudson configuration of the Artifactory Plugin:
You can configure whether or not you wish license checks to take place as part of deploying Build Info to Artifactory (the Build Info Bill of Materials must be deployed to Artifactory for license checks to run).
You can also set a list of recipients to be notified about license violations as soon as they occur. This way whenever a dependency with an unknown or unapproved license is added to the build recipients receive an immediate email notification and can tend to any potential license violation.
Sending license violation notifications is performed through Artifactory and requires a valid mail server to be configured.
Currently, Artifactory does not fail the build as a result of license violations.
This is an informed decision in the spirit of allowing technical development to continue, while alerting others about the advent of unauthorized dependencies in near or real-time, so they can be addressed early on by the appropriate parties.
Once the build has finished on the build server and Build Info has deployed to Artifactory, license checks are run.
You can view detailed license information in the Licenses tab of the Build Browser. This tab displays information about all the dependencies used in the build and the license they are associated with. To group the information by Scope or License click the corresponding column header.
The summary panel displays the overall count of licenses by status and inside the table itself, licenses are displayed in different colors according to their status:
|The license found is not an approved license|
License information was found but cannot be related to any license managed in Artifactory
No license information could be found for the artifact.
The license found is unapproved, however another approved license was found for the artifact
|Approved||The license found is an approved license|
From the Build Browser, an Artifactory administrator can manually change the license information for any artifact displayed. Clicking the entry under the License column for any artifact will display the Edit 'artifactory.licenses' Property dialog where the administrator can specify the licenses for that artifact. For example, clicking the Public Domain license entry from the screenshot above will display the following dialog:
You can manually run the license discovery rules after a build has already run. There are several reasons why you may want to do this:
To trigger license discovery select the "Auto-find Licenses" button.
Any license conflicts are displayed to the right of the table. You can override the existing license information with the discovered license by checking the corresponding checkbox (you must have annotate permissions for the artifacts for which you want to override licenses).
To set license information for artifacts manually, when viewing an artifact's details in the Artifact Repository Browser, in the General tab Licenses entry, click Add.
This will display the Add Artifactory Licenses Property dialog where you can specify the licenses for the selected artifact.
Note that an artifact may be associated with multiple licenses
Another option for editing the license information is by scanning the Maven/Ivy model for licenses, that is, looking for an existing pom matching the artifact.
Once you have the artifact selected in the tree browser go to the
General tab and under the
License label choose
Scan and confirm licenses found in the scan results, if any.
Yet another option would be to use the 'Search For Archive License File' link, which will scan the artifact archive for a 'License' or 'License.txt' entry and ask for confirmation, if found.
Internally, license information is stored as regular properties, using the built-in
artifactory.licenses property name.
Therefore, all operations with properties are available to license information (searches, recursive assignment, property-based deployment and resolution etc.)
License-oriented searches and management operations are available through the REST API.
Refer to the REST API Documentation for usage information.