Ignoring dependency licenses can lead to:

Legal risk: Violating license terms (for example, accidentally including copyleft code in a closed-source product) can result in complaints, forced code disclosure, or lawsuits.

Financial impact: Non-compliance can trigger vendor or rights-holder claims, back payments, and unexpected license purchases.

Reputational damage: Compliance issues discovered by customers, partners, or the open-source community can undermine trust.

Traditional audits usually happen late – often when a vendor or customer asks difficult questions. Qodana’s license audit helps you shift left and continuously detect license issues while you develop.

These are configured via qodana.yaml, where license audit support is documented and where you can also define additional dependencies that may not be visible from the sources (for example, externally pulled artifacts) using the customDependencies option.

License problems rarely exist in isolation. Qodana combines:

Static code analysis: to catch bugs, code smells, security issues, and architectural problems, and Software Composition Analysis (SCA): to monitor dependency licenses and vulnerabilities

in a single report. The same Qodana run that detects nullability issues or security flaws can also tell you if you’re pulling in, say, a GPL-licensed library into a proprietary module.

This unified approach means that your engineering teams see license issues right next to code problems. Your legal/compliance teams get a concrete, reproducible list of affected components.
And, your CI/CD pipelines can enforce license policies as part of a quality gate, preventing builds that violate your policy from progressing.

After Qodana finishes an analysis, the resulting report (locally or in Qodana Cloud) contains a License audit tab. There you can:

• See a list of all dependencies and their detected licenses.
• Quickly filter or search for specific licenses (e.g., GPL, AGPL, LGPL, Apache-2.0).
• Identify dependencies incompatible with your project license or policy – these are highlighted as problems.
• Navigate directly to the issues inside the codebase or configuration files.

This makes it easy to answer questions like:

“Which components are using copyleft licenses?”
“Do we depend on any libraries that restrict commercial distribution?”
“Where do we need to adjust licenses, replace dependencies, or seek legal approval?”

License audit behavior can be tuned via Qodana configuration:

1. Allowed or forbidden licenses. Define which licenses are acceptable in your organization’s policy and let Qodana flag violations.
2. Custom dependencies. Use customDependencies in qodana.yaml to include components that are not obvious from the source (for example, tools installed externally but shipped with your product).

IDE integration. The underlying inspection (CheckDependencyLicenses) is also available in JetBrains IDEs, so you can refine settings locally and then reuse them in Qodana.

Using Qodana as part of your development and delivery process means you can be audit-ready at any time, keep an up-to-date picture of your dependency landscape and licenses. You can also catch issues early and detect incompatible licenses as soon as they’re introduced via a new dependency or version bump.

Standardize compliance and apply the same license policy across repositories, teams, and pipelines. Plus, reduce manual work by moving away from spreadsheets and ad-hoc scripts towards an automated, repeatable process built into CI.

To start using license audit with Qodana:

1. Set up Qodana in your preferred environment (JetBrains IDE, CLI, or CI pipeline).
2. Add or review your qodana.yaml, ensuring that license audit is enabled and any custom dependencies are declared.
3. Run Qodana and open the report locally or in Qodana Cloud.
4. Go to the License Audit tab to inspect license compatibility and refine your policies.

By integrating Qodana into your workflows, a software license audit becomes not a one-time stressful event, but a continuous, automated check that runs every time your code changes.