License Compliance Checker Skill
Automated verification of license compliance across all project dependencies to ensure legal compliance during migration activities.
Purpose
Enable comprehensive license compliance checking for:
- Dependency license identification
- Compatibility verification
- Copyleft license flagging
- Attribution requirement tracking
- Policy enforcement
Capabilities
1. License Identification
- Extract licenses from dependencies
- Parse SPDX identifiers
- Detect custom licenses
- Handle multi-license packages
2. Compatibility Checking
- Verify license compatibility
- Check against project license
- Identify conflicting licenses
- Map dependency license chains
3. Copyleft License Flagging
- Detect GPL/AGPL licenses
- Identify viral clauses
- Flag distribution implications
- Alert on copyleft in proprietary projects
4. Attribution Requirement Tracking
- Collect NOTICE requirements
- Track attribution obligations
- Generate attribution documents
- Monitor compliance completeness
5. Policy Enforcement
- Define allowed/blocked licenses
- Enforce organizational policies
- Generate compliance reports
- Track policy violations
6. Compliance Report Generation
- Create audit-ready reports
- Generate SBOM with licenses
- Produce attribution files
- Export compliance evidence
Tool Integrations
| Tool | Purpose | Integration Method |
|---|---|---|
| FOSSA | Full compliance platform | API |
| WhiteSource | License scanning | API |
| Black Duck | Comprehensive analysis | API |
| license-checker | npm license checking | CLI |
| licensee | License detection | CLI |
| go-licenses | Go license checking | CLI |
| pip-licenses | Python license checking | CLI |
Output Schema
```json
{
  "analysisId": "string",
  "timestamp": "ISO8601",
  "projectLicense": "string",
  "dependencies": [
    {
      "name": "string",
      "version": "string",
      "license": "string",
      "spdxId": "string",
      "compatible": "boolean",
      "attributionRequired": "boolean",
      "riskLevel": "high|medium|low|none"
    }
  ],
  "compliance": {
    "status": "compliant|non-compliant|review-required",
    "violations": [],
    "warnings": [],
    "attributionNeeded": []
  },
  "sbom": {
    "format": "SPDX|CycloneDX",
    "path": "string"
  }
}
```
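As an added example (not code from this skill or any of the listed tools), the compatibility check, copyleft flagging and policy enforcement described above, carried through in Python and emitting a record in the shape of the output schema; the policy tables, the package names in `SAMPLE_DEPS` and the helper names are constructed for illustration.

```python
# Policy tables: constructed for this example; a real policy comes from the organization.
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0", "EPL-2.0"}
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}
KNOWN = PERMISSIVE | WEAK_COPYLEFT | STRONG_COPYLEFT
BLOCKED = STRONG_COPYLEFT  # this policy blocks strong copyleft in a proprietary project

def license_choices(expr):
    # Split a simple SPDX expression ('MIT OR GPL-3.0-only') into its OR alternatives;
    # only a top-level OR is handled, anything else stays one opaque identifier.
    return [part.strip().strip("()") for part in expr.split(" OR ")]

def classify(expr):
    # Return (spdxId, riskLevel, compatible). A dual-licensed package gets its least
    # restrictive alternative, since the consumer may accept either; an identifier
    # outside the policy tables is marked incompatible so that it is reviewed.
    choices = license_choices(expr)
    for pool, risk in ((PERMISSIVE, "none"), (WEAK_COPYLEFT, "medium"), (STRONG_COPYLEFT, "high")):
        for lic in choices:
            if lic in pool:
                return lic, risk, lic not in BLOCKED
    return choices[0], "medium", False

def check_compliance(project_license, deps):
    # deps: iterable of (name, version, spdx_expression); returns the output-schema dict
    # (analysisId, timestamp and sbom are left to the caller).
    comp = {"status": "compliant", "violations": [], "warnings": [], "attributionNeeded": []}
    report = {"projectLicense": project_license, "dependencies": [], "compliance": comp}
    for name, version, expr in deps:
        spdx_id, risk, compatible = classify(expr)
        attribution = spdx_id in KNOWN  # every license in the tables carries a notice duty
        report["dependencies"].append({"name": name, "version": version, "license": expr,
            "spdxId": spdx_id, "compatible": compatible, "attributionRequired": attribution,
            "riskLevel": risk})
        ref = f"{name}@{version}"
        if spdx_id in BLOCKED:
            comp["violations"].append(f"{ref}: {spdx_id} is blocked by policy")
        elif not compatible:
            comp["warnings"].append(f"{ref}: {spdx_id} not recognised, manual review needed")
        if attribution:
            comp["attributionNeeded"].append(ref)
    if comp["violations"]:
        comp["status"] = "non-compliant"
    elif comp["warnings"]:
        comp["status"] = "review-required"
    return report

SAMPLE_DEPS = [("pkg-a", "1.2.0", "MIT"), ("pkg-b", "3.0.1", "MIT OR GPL-3.0-only"),  # constructed
              ("pkg-c", "0.9.0", "AGPL-3.0-only"), ("pkg-d", "2.4.2", "Custom-EULA")]  # scanner output
```

Running `check_compliance("Proprietary", SAMPLE_DEPS)` yields a non-compliant report: the dual-licensed package passes on its MIT alternative, the AGPL dependency becomes a violation, and the unrecognised license becomes a review warning.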
Integration with Migration Processes
- dependency-analysis-updates: License verification
- legacy-codebase-assessment: Compliance assessment
Related Skills
- dependency-scanner: Dependency discovery
- vulnerability-scanner: Security + compliance
Related Agents
- dependency-modernization-agent: License-safe updates
- compliance-migration-agent: Full compliance