Classifying licenses and resolving component licenses in the Software Bill of Materials workspace

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Classifying licenses and resolving component licenses in the Software Bill of Materials workspace

    The Software Bill of Materials (SBOM) workspace enables organizations to classify licenses and match them to software components, ensuring compliance with licensing requirements for proprietary, open-source, and vendor-supplied components. This process helps mitigate risks associated with licensing violations that could affect internal policies and regulatory compliance.

    Show full answer Show less

    Key Features

    • License Administration Module: Facilitates the classification and resolution of licenses associated with SBOM components.
    • Data Visualization: Provides insights into license compliance levels through visualizations on the Home page.
    • License Categories: Classifies licenses into four categories: Permitted, Restricted, Banned, and Unclassified, enabling effective management of license compliance.
    • Automatic License Database Growth: Automatically updates the license database with unique licenses from SBOM uploads.
    • Role-Based Access: Specific roles are required for classifying and resolving licenses, ensuring that only authorized personnel manage compliance.

    Key Outcomes

    By using the SBOM workspace, customers can:

    • Maintain a clear inventory of licenses and their compliance status.
    • Quickly identify potential compliance risks through data visualization.
    • Ensure ongoing compliance management by regularly classifying and resolving licenses after SBOM file uploads.
    • Empower license managers and resolvers to effectively manage licensing issues with defined roles and responsibilities.

    Classify licenses and resolve (match) them to components, or create licenses in the License administration module in the SBOM workspace. Classifying and matching licenses to your components permits you determine your license compliance for the proprietary, open-source, and vendor-supplied software components you upload in your SBOM files.

    License data and third-party software

    As organizations build more of their own software applications, they are using open-source components and vendor-supplied software. Using third-party and open-source components provide you with many advantages for the rapid creation and release of your software projects, however, using these components comes with licensing risks:

    • Open-source and vendor-supplied software components at times have dependencies on other components, and each component might have its own licensing requirements.
    • If you’re not compliant with the terms of your licenses for the components and software in your applications, you might inadvertently ship code that violates your internal policies and regulatory licensing requirements.

    The License administration module

    The License administration module in the SBOM Workspace permits you to perform the following tasks.
    • Classify licenses that require it for the components you upload with your SBOM files.
    • Resolve each license you classify to a specific component.
    • See what percentage of the components you are using are out of compliance on a data visualization on the Home page. You can use this information to help you determine your overall security posture and potential risk exposure.
    If the SBOM files you upload include license information, the license database grows automatically as unique licenses are observed on each SBOM upload. With each SBOM upload, you can build a database of uploaded licenses and then classify them if necessary with the License administration module in the SBOM Workspace. You build an inventory of licenses so that you can assign them to components after you classify them in one of the following categories:
    • Permitted
    • Restricted
    • Banned
    • Unclassified

    Legal personnel, license managers, compliance, and regulatory managers perform tasks in the License administration module.

    Viewing uploaded license data

    You have the following options to view any license information you've uploaded with your components in the SBOM Workspace.
    • Navigate to Workspaces > SBOM Workspace > Components.
      On the Components page the License classification of components card displays a visualization of your overall license compliance with the following categories.
      Category Description
      Banned Licensed usage is not permitted.
      Classification required License is not yet classified and requires a review.
      Permitted Licensed usage is permitted without restriction.
      Restricted Licensed usage is not permitted in specific use cases.

      This snapshot uses the classifications and resolved license information you enter in the License administration module to calculate your over-all license compliance.

      If you select a component record from this list, you can view the component's license information along with other information in the State field.

    • Alternatively, navigate to Workspaces > SBOM Workspace > License administration > License classification.
      This page tracks the total number of unique licenses that have been detected from the SBOM files you’ve uploaded. It also filters them in cards along the top of the page in the following categories.
      • Unclassified - License requires review and classification.
      • Banned - License usage is not permitted.
      • Restricted - License is not permitted in specific use cases.
      • Permitted - License usage is permitted without restriction.
      • All licenses - Total count of licenses.
      All the components in your organization are using one of the licenses that is listed on this page. When a new license is detected from an SBOM upload, a record is created and stored in the SBOM license [sn_sbom_license] table and added to this list. It’s classification by default is, Classification Required. License records in this state must be reviewed and classified before you can resolve (match) them to components so your overall license compliance is accurately calculated.

      For information on how to classify licenses, see Classify imported licenses in the Software Bill of Materials Workspace.

    Roles

    New licenses must be classified by a user with the sn_sbom_response.managelicense role. This user views uploaded license information and determines which licenses are permitted and which are banned. Users with this role cannot view the Component license resolution module unless they have the sn_sbom_response.licenseresolver role.

    After classification, licenses must be resolved by a user with the sn_sbom_response.licenseresolver role so that your over-all license compliance can be determined. This user resolves licenses to components. Users with this role cannot view the License Classification module unless they have the sn_sbom_response.managelicense role.

    Classifying new license information is an ongoing process. You might prefer to keep the total number displayed on the Unclassified card low. As a license manager, you might prefer to check for licenses that need classification every few days and after you upload SBOM files.

    As a license resolver, you might prefer to check for updated classified licenses every few days.