Skip to main content

ComponentLicenses

Get license information for a software component identified by Package URL.

HTTP Request Example

curl -X GET 'https://api.scanoss.com/v2/licenses/component?purl=pkg:github/scanoss/engine@5.0.0' \
  -H "X-Api-Key: $SC_API_KEY" | jq

Response Format

Returns license data for a component in two forms:
  • Licenses list: All detected licenses in the component
  • SPDX expression: Combined license expression when determinable
Key fields:
  • purl: Component identifier
  • licenses: List of detected licenses
    • id: SPDX ID or license reference
    • full_name: License name
    • is_spdx_approved: SPDX approval status
    • url: License reference URL
  • statement: SPDX expression (when available)
  • version: Resolved component version
  • url: Component source URL
  • requirement: Version constraint from request
  • info_code: Processing result code
  • info_message: Human-readable status message

Info Codes

The info_code field reports the outcome of processing each component. Possible values:
CodeMeaning
SUCCESSRequest processed successfully
INVALID_PURLInvalid Package URL
COMPONENT_NOT_FOUNDComponent not found
NO_INFONo license data available
INVALID_SEMVERInvalid version format
VERSION_NOT_FOUNDVersion not found

Response Examples

Multiple licenses (no SPDX expression)

Occurs when a component has multiple licenses without a single unified expression. 
{
  "component": {
    "purl": "pkg:github/ffmpeg/ffmpeg@n7.0",
    "url": "https://github.com/ffmpeg/ffmpeg",
    "requirement": "",
    "version": "n7.0",
    "statement": "",
    "licenses": [
      {
        "id": "LGPL-2.1-or-later",
        "full_name": "GNU Lesser General Public License v2.1 or later",
        "is_spdx_approved": true,
        "url": "https://spdx.org/licenses/LGPL-2.1-or-later.html"
      },
      {
        "id": "GPL-2.0-or-later",
        "full_name": "GNU General Public License v2.0 or later",
        "is_spdx_approved": true,
        "url": "https://spdx.org/licenses/GPL-2.0-or-later.html"
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Licenses Successfully retrieved"
  }
}

SPDX expression (OR)

Returned when the component specifies a license choice. 
{
  "component": {
    "purl": "pkg:maven/ch.qos.logback/logback-classic@1.5.0",
    "url": "https://github.com/qos-ch/logback",
    "requirement": "",
    "version": "1.5.0",
    "statement": "EPL-1.0 OR LGPL-2.1-only",
    "licenses": [
      {
        "id": "EPL-1.0",
        "full_name": "Eclipse Public License 1.0",
        "is_spdx_approved": true,
        "url": "https://spdx.org/licenses/EPL-1.0.html"
      },
      {
        "id": "LGPL-2.1-only",
        "full_name": "GNU Lesser General Public License v2.1 only",
        "is_spdx_approved": true,
        "url": "https://spdx.org/licenses/LGPL-2.1-only.html"
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Licenses Successfully retrieved"
  }
}

SPDX expression (AND)

Returned when multiple licenses must be satisfied together. 
{
  "component": {
    "purl": "pkg:github/openssl/openssl@1.1.1n",
    "url": "https://github.com/openssl/openssl",
    "requirement": "",
    "version": "1.1.1n",
    "statement": "OpenSSL AND SSLeay",
    "licenses": [
      {
        "id": "OpenSSL",
        "full_name": "OpenSSL License",
        "is_spdx_approved": false,
        "url": "https://www.openssl.org/source/license-openssl-ssleay.txt"
      },
      {
        "id": "SSLeay",
        "full_name": "Original SSLeay License",
        "is_spdx_approved": false,
        "url": "https://www.openssl.org/source/license-openssl-ssleay.txt"
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Licenses Successfully retrieved"
  }
}

Error Response

{
  "component": {
    "purl": "pkg:github/scanoss/unknown-component",
    "url": "",
    "requirement": "",
    "version": "",
    "statement": "",
    "licenses": [],
    "info_message": "Component version not found",
    "info_code": "VERSION_NOT_FOUND"
  },
  "status": {
    "status": "SUCCESS",
    "message": "Licenses Successfully retrieved"
  }
}

ComponentsLicenses

Get license information for multiple software components in a single request.

HTTP Request Example

curl -X POST 'https://api.scanoss.com/v2/licenses/components' \
  -H 'Content-Type: application/json' \
  -H "X-Api-Key: $SC_API_KEY" \
  -d '{
    "components": [
      {"purl": "pkg:github/scanoss/engine@5.0.0"},
      {"purl": "pkg:github/scanoss/scanoss.py@v1.30.0"}
    ]
  }' | jq