diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-13 12:11:26 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-13 12:11:26 +0300 |
commit | 12221d835d5f63c4747f0cbd30e4aac8b78e857c (patch) | |
tree | 54a6fdcd715ace3a3cd15c7b89435ca2a742e9b2 /doc/user | |
parent | e4372ce2ee58813303e4ac906800fbfdd0d5bcf5 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/compliance/license_compliance/index.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 566270f3774..7dd0e7241eb 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -49,6 +49,15 @@ When GitLab detects a **Denied** license, you can view it in the [license list]( You can view and modify existing policies from the [policies](#policies) tab. ![Edit Policy](img/policies_maintainer_edit_v14_2.png) +## License expressions + +GitLab has limited support for [composite licenses](https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/). +License compliance can read multiple licenses, but always considers them combined using the `AND` operator. For example, +if a dependency has two licenses, and one of them is allowed and the other is denied by the project [policy](#policies), +GitLab evaluates the composite license as _denied_, as this is the safer option. +The ability to support other license expression operators (like `OR`, `WITH`) is tracked +in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6571). + ## Supported languages and package managers The following languages and package managers are supported. |