Learn why I decided to open source Licensebat, the software that easily helps you manage the licenses of your project's dependencies.
The idea is pretty simple: it's just a tool written in Rust that scans your project's dependencies and generates a report of the different licenses they use.
Initially, it was only a SaaS product running in the GitHub Marketplace with several pricing tiers, one of them a free tier without any limitations for OSS projects and a few free requests per month for commercial projects.
After some months, though, I decided to open source Licensebat and release it as a FOSS project.
Although Licensebat as a SaaS product has access to the code hosted in GitHub, it only accesses that code through the GitHub API. This allows us to keep the code private and only access the dependency manifest files, like
Even so, some companies had legitimate concerns about their code potentially being exposed to a third-party service. It was clear to me that I'd need some other way for these customers to get the service Licensebat was providing without exposing their code at all.
The idea of having some sort of binary/container/executable that these companies could use in their CI/CD pipelines immediately came up. But if that binary was not open source, if they couldn't compile it themselves, how would they be sure that it was completely safe to use? How would they know that it was not scanning the code under the hood?
That's when I decided to open source not only the CLI but also all the crates used to support the different programming languages, which at the time I'm writing this are:
The thought was that the community would eventually be able to use and evolve all these crates and support many more languages in the long term.
What about the SaaS?
You may be wondering what the value of the SaaS service is in this context, where any company could just download the CLI and use it for free. And you're totally right.
To be honest, I’m not completely sure about this, but I think there will still be companies willing to use Licensebat as a GitHub integrated service.
I have plans to extend that service even further by optimizing the dependency resolution and the license scanning process, and providing more value by adding features such as a history of the licenses that have been scanned, and a way to share the results with other people.
Will it work? Who knows! 😁
In any case, I'm happy to be able to open source Licensebat and hope that it will be useful to other people. That's what matters most to me.
There are other cool things associated with the fact that this CLI is open source. The obvious one is that we can now leverage access to the whole codebase without any concerns.
This means that, for some languages, we can find more convenient and optimized ways to access the dependencies' license information, speeding up the process.
If you want to give it a try or are just curious about the code, you can find it here, hosted in GitHub.
It would be great to have you as a contributor!