Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Beta
Open source dependencies can introduce license obligations that may affect how software is used, modified, or distributed. Reviewing license information helps teams identify potential compliance concerns, verify attribution requirements, and maintain visibility into approved and restricted licenses across the organization. You can view and manage license information across your projects, edit license data, and generate Notice reports for distribution.

View licenses

To generate license inventory, set ENDOR_SCAN_ENABLE_LICENSE_SUMMARY=true in the scan profile assigned to the project, or export it before you run endorctl scan. Run a new scan after you enable the flag.
To view licenses:
  1. Select Inventory from the left sidebar.
  2. Select Licenses to view the list of licenses. You can view the license name, OSI approval status, license type, and project count. Licenses list
  3. Use Search license Name to filter the list or search for a specific license.
  4. Use the OSI, Projects, and Type filters to narrow the list.
  5. Select a license row to view the following details:
    • TYPE: License type for the selected license (for example, Permissive, Copyleft).
    • OSI: Whether the license is Open Source Initiative approved.
    • PROJECTS: List of projects that use this license.
    • Raw License: The full legal text of the license. The raw text is display-only and cannot be edited in this view.
    View license details

View licenses associated with a project

To view licenses for a specific project:
  1. Select Projects from the left sidebar and select the project for which you want to view licenses.
  2. Select Inventory > Licenses to view the list of licenses for that project. Licenses list for a project
  3. Select a license to view the following information.
    • Details: Shows the license type, OSI approval status, and the raw license text (the license name and full legal text). Project license details tab
    • Matches: Shows how many locations the license was found in within the project. Use the dependency dropdown to select a package version. For each selection, you can view:
      • Declared License: The license declared by the dependency, along with a reference to where it is defined.
      • Discovered License: The license detected during scanning, with links to the exact files where the license content was found.
      Project license matches tab

Edit license information

You can edit license information to correct or override license data when scan results or package metadata are incomplete or inaccurate. Editing license information helps you to:
  • Fix misclassified, missing, or unknown licenses so the effective license reflects the expected result.
  • Update copyright, notice text, or license expressions used in generated Notices files.
  • Standardize SPDX identifiers or expressions across projects.
To edit license information from a dependency:
  1. Select Projects from the left sidebar and select a project.
  2. Select Inventory > Dependencies to view the list of dependencies for that project.
  3. Select a dependency and click Edit.
  4. The Edit Dependency page shows dependency metadata at the top, for example, name, source code location, and package location.
  5. Under Declared licenses and Discovered licenses, click Add License and search for a license to add. You can also edit existing licenses.
  6. Under Copyrights, click Add Copyright to add copyright statements.
  7. Optionally, select Propagate dependency edits to all child namespaces to apply the same changes to related namespaces.
  8. Click Save Dependency to save the changes. Edit dependency licenses

Generate a Notice report

A Notice report lists open source dependencies with their license texts, copyright notices, and source code locations. You must include a Notice report when you distribute software that contains open source dependencies.
To generate a Notice report from the command line, see license-notice-report generate.
To generate a Notice report:
  1. Select Projects from the left sidebar and select the project for which you want to generate a report.
  2. Click Export > Notice Report.
  3. Under File Format, choose the output format from either HTML or plain text.
  4. Select Group By to choose how the report is organized:
    • License: Lists each distinct license once, followed by all dependencies using that license. Use this for compact reports when many dependencies share the same license.
    • Dependency: Lists each dependency with its license text inline. Use this when each dependency has a different license.
  5. Under Scope, select Add More and choose one or more packages for the report. Test dependencies are excluded. Projects can contain multiple packages with several manifests. The report includes license and copyright information for dependencies used by the selected packages.
  6. Click Create Report to generate and download the report.

View Notice reports

To view Notice reports:
  1. Select Reports from the left sidebar.
  2. Select a report to view its details such as file format, group-by option, and package scope.
  3. To download a report, click the three vertical dots and click Download.
  4. To delete a report, click the three vertical dots and click Delete.
See Reports for more information on managing reports.