UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
| Table of Contents |
|---|
What is Mend?
GÉANT projects need to be aligned with their IPR policies but also with the general GÉANT IPR policy guidelines, which are currently being worked on. Projects use libraries whose use is subject to licence definitions by the authors or IPR holders of those libraries, and all licences must be mutually compatible. Mend, as a platform for managing the security and compliance of software licences, helps in checking this compatibility. It can support the process of managing and approving the used components. It integrates into all phases of the software development life cycle and enables real-time monitoring and alerts to solve problems on time.
...
Mend can analyse projects in several ways. The provided code may be locally stored and the Mend scan can be triggered manually at any time when the developer team is interested in the results of a recent code change(the . The details are in Adding project to Mend (Scan Flow)).
The standard way, however, is the integration of the Mend scan in a Continuous Integration (CI) pipeline that triggers the scan automatically on each commit in the host repositories such as GitLab and Bitbucket (including GÉANT Gitlab and Bitbucket). GÉANT used Bamboo as the CI/CD software in between the host repository and Mend (details in Automated Mend scans with Bamboo).
...
Mend has also conducted an in-house analysis of many of the main licence types and provided risk scores to help developers determine what risks and factors they should keep in mind when deciding which licence they should use. The Mend scan service can provide GÉANT project teams with tracking of IPR compliance to help them make their code compatible with IPR policies. Mend provides full visibility and control over the risks associated with open source and licence (non-)compliance.