This certificate confirms that your software project’s licensing has been reviewed and validated. It indicates that the selected licence is appropriate, compatible with all dependencies, adequately and transparently declared, and that the software is ready for distribution when it comes to licensing and reasonable dependency checks.
The certificate remains valid indefinitely for future software versions, provided certification requirements continue to be met. It does not cover patents or legal liability, although patent aspects may be addressed during the Software Licence Analysis (SLA) review.
A full specification of software licensing certificates is also available (the document is available for GÉANT participants).
Ensure that your software project:
Is intended for distribution
Has all direct and transitive dependencies identified and verified
Uses a clear software licence, compatible with all dependencies, and confirmed by the GÉANT IPR Manager
Ensure that:
Identify all direct and transitive dependencies. You may use the GÉANT Software Composition Analysis (SCA) service, or obtain a Verified Dependencies Certificate.
Address all critical vulnerabilities, typically by upgrading dependencies.
Use the GÉANT SLA service, conduct an internal review, or rely on an equivalent method.
Confirm the selected licence with the Licence Management Team, and obtain approval from the GÉANT IPR Manager.
Verify that all dependency licences are compatible with the selected licence.
Document any conflicts, resolutions, and rationale.
Use the GÉANT SLA service, or the Software Artefacts Checklist and templates (for GÉANT participants).
Mandatory:
LICENSE – full text of the selected licence
COPYRIGHT – copyright notices and attributions
README – includes licence declaration and copyright
If applicable or required by the licence:
NOTICE – third-party notices and attributions
CHANGELOG – version history, including licence-related changes
CONTRIBUTING – contribution guidelines
Ensure these artefacts clearly and explicitly declare the licence and copyright, and reflect compliance with the terms of all dependencies.
Declare licence in:
Repository settings or project metadata
User interface (if required by the licence)
Documentation, help files, and release notes
Send a request to the Licence Management Team, including:
Results of the SLA or equivalent review
Access to the repository with all relevant artefacts
Clarifications or supporting notes, if needed
See Contact Us for instructions on communicating with the team.
Cooperate with the Licence Management Team to:
Provide requested clarifications
Remediate licence conflicts or vulnerabilities
Update artefacts and documentation as needed
Upon approval, your project will receive the Verified Software Licence Certificate, which will be visible in the GÉANT Software Catalogue.
You may reference the certificate in your documentation, metadata, project page, or communications. The Licence Management Team will provide guidance on how to do this.
To keep the certificate valid:
Keep licensing artefacts and documentation up to date
Review new dependencies for licence compatibility
Avoid licence changes without review and re-approval
Inform the Licence Management Team of any major changes
Respond to compliance-related queries from users or third parties
Fundamental changes to software architecture or licensing model may require certificate revalidation.
Integrate SCA scanning into your CI/CD pipeline to detect licence or vulnerability issues early.
The certificate is valid indefinitely, unless revoked.