License Compliance And SBOM¶

Use this guide when working on license scanning, vulnerability workflows, or SBOM-related tasks.

Goal¶

Integrate compliance-related controls into normal engineering workflows.

Steps¶

1. Confirm where license, vulnerability, and SBOM checks run.
2. Define who reviews findings and how triage decisions are recorded.
3. Connect findings to dependency and artifact workflows.
4. Document expected outputs and escalation paths.
5. Keep unresolved areas clearly marked.

Practical Checks¶

• scan scope is visible
• triage ownership is clear
• dependency and artifact links are traceable
• SBOM usage expectations are documented

Related Infrastructure Areas¶

• Security & Compliance Infrastructure
• Artifact Infrastructure
• Build Infrastructure

Related Planning Pages¶

• Infrastructure Development Map
• Work Breakdown Structure

Background Detail¶

• License compliance
• SBOM
• Vulnerability management