Software Licensing Certificates Series

This certificate confirms that your software project’s licensing has been reviewed and validated. It indicates that the software licence has been selected, verified for compatibility with all components, and appropriately and transparently declared. It also confirms readiness for compliant distribution or release.

The certificate remains valid for future software versions indefinitely, provided they meet certification requirements. It does not cover patents or legal liability, although patent concerns may be addressed during the Software Licence Analysis (SLA) review.

It requires your team to select a licence, internally assess licensing compliance, declare the project licence, and produce necessary artefacts. The process includes internal and SLA reviews, documentation updates, and validation by the GÉANT Licence Management Team.

The certificate builds on the Verified Dependencies Certificate by adding licence selection, SLA review, and approval of artefacts.

You may use this document as a checklist template for your project's certification process.

...

  •  Document all external libraries and code used in the project (having an internal list is mandatory, and it may be made public).
  •  Document licences of all external libraries and code used in the project (in the same list).
  •  Confirm that all direct and transitive dependencies are under valid open source or proprietary licences.
  •  Ensure that all these licences are mutually compatible for use in your software and, additionally, compatible with the software project licence.
  •  Review each dependency for known critical security vulnerabilities (you can use the GÉANT-provided SCA and review services).
  •  Manually review all other third-party intellectual property, including source code, components, content, designs, models, and similar assets (may be recorded in the NOTICE file).
  •  Register the project in the GÉANT Software Catalogue.

Additional Requirements

  •  Complete the SLA Service review, confirming licensing compliance and artefacts.
  •  Obtain GÉANT approval of the licence, in line with the software’s context and intended distribution.

Certification Process

  •  Perform a software licence review using the SLA Service or an equivalent internal process.
  •  Ensure that all direct and transitive dependencies are compatible with the selected project licence (or all output licences in case of multi-licensing).
  •  Address all dependency vulnerabilities and licence incompatibilities.
  •  Confirm the licence with the Licence Management Team, and obtain approval from the GÉANT IPR Manager.
  •  Create necessary project files. This can be guided by the Software Artefacts Checklist and related templates.

  •  Declare the licence in repository metadata and, if relevant, in the software UI.
  •  Optionally integrate SCA scanning into the CI/CD pipeline.
  •  Send a request to the Licence Management Team, including:
    •  SCA report or a reference to the GÉANT SCA service performed
    •  Third-party IP details, if any
    •  Any supporting documentation
  •  Provide clarifications or perform remediation if requested by the Licence Management Team.
  •  Reference the certificate in your documentation, metadata, project page, or communications. Otherwise, what would be the point of the effort?

See Contact Us for information on how to communicate with the Licence Management Team.

Artefacts

  •  Up-to-date list of all dependencies with licences and security status, including transitive ones, based on SCA tool results

Create necessary project artefacts based on available templates. These files are reviewed and amended as part of the SLA Service.

  •  README – Mandatory, with basic information about the software, licence, and copyright
  •  LICENSE – Mandatory software licence text
  •  COPYRIGHT – Mandatory copyright ownership information
  •  NOTICE – Optional legal notices and attributions for third-party components, required if mandated by a licence or dependency
  •  CHANGELOG – Optional record of versions and changes, required if mandated by a licence or dependency
  •  CONTRIBUTING – Optional contribution policy

Governance

Upon approval, your project will receive the Verified Software Licence Certificate, which will be visible at certificates.software.geant.org and in the GÉANT Software Catalogue.

Keep dependency, licence, and vulnerability data and project artefacts up to date. Review new or changed dependencies and monitor for newly discovered vulnerabilities or licence conflicts.

You may integrate continuous dependency and licence scanning (e.g. through CI/CD pipelines) to detect issues early and maintain long-term compliance. Maintain ongoing licensing compliance and artefacts.

The Licence Management Team validates issuance, and may occasionally review the certificate status. Revalidation may be required if there are significant changes (e.g. software architecture, licensing model, component replacement under a different licence, or inclusion of new components).

The certificate is valid indefinitely unless revoked, provided issues are promptly addressed.

Additional Information

Further details are available in the Detailed Guide: Verified Software Licence Certificate.