Several components have an "Undefined No Assertion" license tag in License Distribution view.
Details
When licenses have a “NOASSERTION” tag it means that source forges were not sure what the exact license is.
Please note:
Blank license = no license found
NOASSERTION = license found but not identifiable across the 360 different licenses we detect from SPDX (SPDX).
NOASSERTION would need a manual review as it could be a potential license risk or maybe not, the reason why we can't classify it by default as risky (red).
Related Page
How OSS licenses are mined and detected in Highlight’s Software Composition Analysis feature
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
50540, 50883
Comments