The Art of CTO License Compliance Checker analyzes open source license compatibility, detects GPL conflicts, and evaluates commercial licensing risks across a project's dependency tree.
Frequently Asked Questions
What open source licenses are safe for commercial use?
Permissive licenses like MIT, BSD (2-clause and 3-clause), Apache 2.0, and ISC are generally safe for commercial use with minimal obligations — typically just attribution. Copyleft licenses like GPL require distributing your source code if you distribute the software, which can be problematic for proprietary products. LGPL allows dynamic linking without copyleft obligations. AGPL extends copyleft to network use, meaning even SaaS deployments trigger source code disclosure requirements.
What is GPL contamination and how do you prevent it?
GPL contamination occurs when GPL-licensed code is combined with proprietary code in a way that triggers the GPL's copyleft requirement, potentially forcing you to open-source your entire codebase. Prevent it by maintaining a license inventory of all dependencies, using automated scanning tools in your CI/CD pipeline, establishing clear policies about acceptable licenses, and keeping GPL components isolated behind well-defined API boundaries when usage is necessary.
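One way to wire the inventory-plus-policy check described above into a CI job, as an added example that is not the License Compliance Checker's own code. It assumes dependencies are recorded with SPDX license identifiers; the package names, the allow/review/deny verdicts, and the choice to route LGPL and unknown licenses to manual review are assumptions made for illustration.

```python
import re

# Policy buckets built from the licenses the FAQ names (SPDX identifiers).
ALLOW = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC"}
DENY_PREFIXES = ("GPL-", "AGPL-")   # copyleft; AGPL also triggers on network use
RANK = {"allow": 0, "review": 1, "deny": 2}

def classify_id(spdx_id):
    """Classify a single SPDX identifier."""
    sid = spdx_id.strip()
    if sid in ALLOW:
        return "allow"
    if sid.startswith(DENY_PREFIXES):
        return "deny"
    # LGPL (depends on how it is linked) and anything unrecognised: a human decides.
    return "review"

def classify_expr(expr):
    """Classify an SPDX expression built from OR / AND."""
    if not expr:
        return "review"             # missing metadata is never silently allowed
    if "(" in expr or ")" in expr:
        return "review"             # nested expressions are not parsed here: fail safe
    options = []
    for option in re.split(r"\s+OR\s+", expr.strip()):
        # AND: every listed license applies, so the strictest verdict wins.
        parts = [classify_id(p) for p in re.split(r"\s+AND\s+", option)]
        options.append(max(parts, key=RANK.get))
    # OR: the licensee may choose, so the most favourable option wins.
    return min(options, key=RANK.get)

def gate(inventory):
    """Return (exit_code, findings); exit code 1 fails the CI job."""
    findings = {name: classify_expr(lic) for name, lic in inventory.items()}
    failed = any(v == "deny" for v in findings.values())
    return (1 if failed else 0), findings

# Constructed inventory; package names are made up for illustration.
SAMPLE = {
    "http-helper": "MIT",
    "yaml-lite": "Apache-2.0 OR GPL-2.0-only",
    "img-codec": "LGPL-2.1-or-later",
    "report-gen": "AGPL-3.0-only",
    "crypto-shim": "BSD-3-Clause AND GPL-3.0-or-later",
    "legacy-util": None,
}

if __name__ == "__main__":
    code, findings = gate(SAMPLE)
    for name, verdict in sorted(findings.items()):
        print(f"{verdict:6} {name}: {SAMPLE[name]}")
    raise SystemExit(code)
```

A dual-licensed package such as the constructed "yaml-lite" passes because one of its options is permissive, while an AND expression that includes GPL fails the build.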