Goal: Understand the potential IP issues associated with a given software package’s use.

Metric | Question |
---|---|
License Count | How many different licenses are there? |
License Coverage | How much of the code base has declared licenses? |
License Declared | What are the declared software package licenses? |
OSI Approved Licenses | What percentage of a project’s licenses are OSI approved open source licenses? |
SPDX Document | Does the software package have an associated SPDX document as a standard expression of dependencies, licensing, and security-related issues? |