The easiest way to start scanning an open source project is to use our "one click" scan from the homepage. Simply enter the URL of the project on GitHub and the scan will start immediately.
If the project has not been scanned in five days, re-scanning will automatically commence. If the project is your own and you would like to scan it on every new commit, you can also log in and configure GitHub integrations (see "Continuous Scans and Alerts", below).
To scan a private repository, please sign in using your GitHub account from the top navigation bar.
You will be presented with a list of all the projects connected to your GitHub account, from which you can start a scan.
When you enable GitHub Pull Request integration, git.legal will scan all your pull requests (as well as your default branch) whenever a developer commits new code.
Git.legal flags an error on your pull request if there are new libraries which are outside of your licensing policy and which have not been manually approved.
These scans are quick and do not take as long as your initial full scan, as git.legal only scans the changed code and libraries.
In your Project Settings, you can find the markup for a badge that you can include in your readme file to indicate both the license of your project and the status of your default branch.
From your Project Policy, you can configure Git.legal to automatically approve libraries that fall under different categories of licenses: permissive (e.g. MIT/Apache), weak copyleft (e.g. LGPL, MPL), and/or strong copyleft (GPL). If you're unsure which of these you should allow in your project, please contact us to help you work it out.
In addition, when manually approving a license, you can choose to approve that license for all libraries (see below). Then, new libraries under the approved license will be automatically approved in the future.
When git.legal encounters a license that does not meet your automatic-approval settings or which is unrecognized, you have the option to either approve that individual library or to approve the license for all libraries (and new libraries introduced in the future).
Until any unapproved libraries are addressed, pull requests in GitHub will show up as failing (if you are using our GitHub Pull Request Integration). A failing Pull Request will succeed and turn green as soon as you approve the applicable libraries or licenses, or, if the license is not permissible in your project, when the developer removes the library from the code.
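
The approval rules described above, modeled as an added Python example (not git.legal's own code). The category table, the `evaluate` function, and the library names are assumptions made for illustration; license names are SPDX identifiers.

```python
# Illustrative model of the approval flow; not git.legal's implementation.
# Constructed sample mapping of SPDX license identifiers to policy categories.
CATEGORY = {
    "MIT": "permissive", "Apache-2.0": "permissive",
    "LGPL-3.0-only": "weak_copyleft", "MPL-2.0": "weak_copyleft",
    "GPL-3.0-only": "strong_copyleft",
}

def evaluate(libraries, allowed_categories, approved_licenses=(), approved_libraries=()):
    """Return (status, blocked) for a list of (library_name, license_id) pairs.

    license_id may be None or an unknown string: an unrecognized license is
    never auto-approved and always needs a manual decision.
    """
    blocked = []
    for name, license_id in libraries:
        if name in approved_libraries:        # this single library was approved manually
            continue
        if license_id in approved_licenses:   # license approved for all libraries
            continue
        category = CATEGORY.get(license_id)   # None when the license is unrecognized
        if category in allowed_categories:    # automatic approval by project policy
            continue
        blocked.append((name, license_id, category or "unrecognized"))
    return ("failing" if blocked else "passing", blocked)

# Constructed sample: libraries newly introduced by a pull request.
PR_LIBS = [("lib-a", "MIT"), ("lib-b", "LGPL-3.0-only"),
           ("lib-c", "GPL-3.0-only"), ("lib-d", "Custom-EULA")]

if __name__ == "__main__":
    # Policy auto-approves permissive licenses only: three libraries block the PR.
    status, blocked = evaluate(PR_LIBS, {"permissive"})
    print(status, blocked)
    # Reviewer approves the custom license for all libraries and lib-b individually;
    # the developer removes lib-c from the code, so the check turns green.
    remaining = [lib for lib in PR_LIBS if lib[0] != "lib-c"]
    print(evaluate(remaining, {"permissive"},
                   approved_licenses={"Custom-EULA"}, approved_libraries={"lib-b"}))
```

Note that approving a license for all libraries also covers libraries introduced later, while approving an individual library leaves the next library under the same license blocked.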