This certificate confirms that your software project’s licensing has been reviewed and validated. It indicates that the selected licence is appropriate, compatible with all dependencies, adequately and transparently declared, and that the software is ready for distribution when it comes to licensing and reasonable dependency checks.
The certificate remains valid indefinitely for future software versions, provided certification requirements continue to be met. It does not cover patents or legal liability, although patent aspects may be addressed during the Software Licence Analysis (SLA) review.
A full specification of software licensing certificates is also available (the document is available for GÉANT participants).
Prerequisites
Ensure that your software project:
Is intended for distribution
Has all direct and transitive dependencies identified and verified
Uses a clear software licence, compatible with all dependencies, and confirmed by the GÉANT IPR Manager
Ensure that:
- Project artefacts include the required licence and copyright
- Compliance requirements of all dependencies are fulfilled
Step-by-Step Process
Review Dependencies
Identify all direct and transitive dependencies. You may use the GÉANT Software Composition Analysis (SCA) service, or obtain a Verified Dependencies Certificate.
Address all critical vulnerabilities, typically by upgrading dependencies.
Select and Verify Licence
Use the GÉANT SLA service, conduct an internal review, or rely on an equivalent method.
Confirm the selected licence with the Licence Management Team, and obtain approval from the GÉANT IPR Manager.
Verify that all dependency licences are compatible with the selected licence.
Document any conflicts, resolutions, and rationale.
Prepare Required Artefacts
Use the GÉANT SLA service, or the Software Artefacts Checklist and templates (for GÉANT participants).
Mandatory:
LICENSE– full text of the selected licenceCOPYRIGHT– copyright notices and attributionsREADME– includes licence declaration and copyright
If applicable or required by the licence:
NOTICE– third-party notices and attributionsCHANGELOG– version history, including licence-related changesCONTRIBUTING– contribution guidelines
Ensure these artefacts clearly and explicitly declare the licence and copyright, and reflect compliance with the terms of all dependencies.
Declare Licence in Metadata and User Interface
Declare licence in:
Repository settings or project metadata
User interface (if required by the licence)
Documentation, help files, and release notes
Submit Request
Send a request to the Licence Management Team, including:
Results of the SLA or equivalent review
Access to the repository with all relevant artefacts
Clarifications or supporting notes, if needed
See Contact Us for instructions on communicating with the team.
Respond to Review Feedback
Cooperate with the Licence Management Team to:
Provide requested clarifications
Remediate licence conflicts or vulnerabilities
Update artefacts and documentation as needed
Use Certificate
Upon approval, your project will receive the Verified Software Licence Certificate, which will be visible in the GÉANT Software Catalogue.
You may reference the certificate in your documentation, metadata, project page, or communications. The Licence Management Team will provide guidance on how to do this.
After Certification
Maintain Compliance
To keep the certificate valid:
Keep licensing artefacts and documentation up to date
Review new dependencies for licence compatibility
Avoid licence changes without review and re-approval
Inform the Licence Management Team of any major changes
Respond to compliance-related queries from users or third parties
Fundamental changes to software architecture or licensing model may require certificate revalidation.
Optional: Set Up Dependency and Licence Scanning
Integrate SCA scanning into your CI/CD pipeline to detect licence or vulnerability issues early.
Certificate Validity
The certificate is valid indefinitely, unless revoked.