melodic-software/scan-licenses
plugins/compliance-planning/skills/scan-licenses/SKILL.md
Analyze open source license compliance for a project's dependencies.
$ install --global
skillsauthnpx skillsauth add melodic-software/claude-code-plugins scan-licensesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:36 AM9.6s1 file scanned
SKILL.md
- name:
- scan-licenses
- description:
- Analyze open source license compliance for a project's dependencies.
- argument-hint:
- [project-path]
- allowed-tools:
- Task, Skill, Read, Glob, Grep
Open Source License Compliance Scan
Analyze project dependencies for license compliance.
Workflow
Step 1: Load Required Skills
Load these skills:
license-compliance- License requirements and compatibilitysbom-management- Dependency tracking
Step 2: Identify Project Type
Detect the project type and package manager:
- .NET: Look for
*.csproj,*.sln,packages.config - Node.js: Look for
package.json,package-lock.json - Python: Look for
requirements.txt,pyproject.toml,setup.py - Java: Look for
pom.xml,build.gradle
Step 3: Extract Dependencies
For .NET projects:
dotnet list package --include-transitive
For Node.js:
npm ls --all --json
Step 4: Analyze Licenses
For each dependency:
- Identify the license (SPDX identifier)
- Categorize (Permissive, Weak Copyleft, Strong Copyleft)
- Check against policy (Approved, Requires Review, Prohibited)
- Identify obligations
Step 5: Check Compatibility
Verify license compatibility:
- Check inbound vs outbound license compatibility
- Identify conflicting licenses
- Flag copyleft contamination risks
Step 6: Generate Report
Create a comprehensive license compliance report.
Example Usage
# Scan current directory
/compliance-planning:scan-licenses
# Scan specific project
/compliance-planning:scan-licenses "./src/MyApp"
# Scan solution
/compliance-planning:scan-licenses "./MySolution.sln"
Output Format
# License Compliance Report: [Project Name]
## Summary
| Metric | Count |
|--------|-------|
| Total Dependencies | [N] |
| Direct Dependencies | [N] |
| Transitive Dependencies | [N] |
| Approved Licenses | [N] |
| Requires Review | [N] |
| Prohibited | [N] |
| Unknown | [N] |
### Compliance Status: [COMPLIANT / REVIEW REQUIRED / NON-COMPLIANT]
---
## License Distribution
| License | Category | Count | Status |
|---------|----------|-------|--------|
| MIT | Permissive | [N] | Approved |
| Apache-2.0 | Permissive | [N] | Approved |
| GPL-3.0 | Strong Copyleft | [N] | Prohibited |
---
## Dependencies by Status
### Approved
| Package | Version | License | Category |
|---------|---------|---------|----------|
| [Package] | [Version] | [License] | Permissive |
### Requires Review
| Package | Version | License | Concern |
|---------|---------|---------|---------|
| [Package] | [Version] | [License] | [Why review needed] |
### Prohibited
| Package | Version | License | Issue | Alternative |
|---------|---------|---------|-------|-------------|
| [Package] | [Version] | [License] | [Issue] | [Suggested alternative] |
### Unknown
| Package | Version | License Info | Action |
|---------|---------|--------------|--------|
| [Package] | [Version] | [Info] | [Required action] |
---
## Compatibility Analysis
### License Conflicts
| Package 1 | License 1 | Package 2 | License 2 | Conflict |
|-----------|-----------|-----------|-----------|----------|
### Copyleft Assessment
**Copyleft Packages Found:** [Y/N]
| Package | License | Impact | Mitigation |
|---------|---------|--------|------------|
---
## Obligations Summary
### Attribution Required
| Package | License | Attribution Text |
|---------|---------|-----------------|
### Source Disclosure Required
| Package | License | Requirement |
|---------|---------|-------------|
### Notice Files Required
| Package | NOTICE File | Status |
|---------|-------------|--------|
---
## Recommended Actions
### Immediate Actions
1. **Replace prohibited packages**
- [Package] -> [Alternative]
2. **Review flagged packages**
- [Package] - [Review reason]
### Documentation Actions
1. **Update NOTICE file**
- Add attributions for: [Packages]
2. **Add license files**
- Include: [License files needed]
---
## NOTICE File Content
```text
THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
This software includes the following third-party components:
[Package Name] ([Version])
License: [License]
[Copyright notice]
---
[Continue for all dependencies]
```
---
## Policy Compliance
| Policy Rule | Status | Details |
|-------------|--------|---------|
| No GPL in proprietary | [Status] | [Details] |
| No AGPL | [Status] | [Details] |
| All licenses identified | [Status] | [Details] |
| Attributions complete | [Status] | [Details] |
.NET-Specific Commands
For .NET projects, the following commands are useful:
# Install license checker
dotnet tool install --global dotnet-project-licenses
# Generate license report
dotnet-project-licenses -i ./MySolution.sln
# Generate SBOM
dotnet CycloneDX ./MySolution.sln -o sbom.json -j
Related Skills
melodic-software/milan-jovanovic-blog
development
VerifiedTrustedCommunity
Search Milan Jovanovic's .NET blog for Clean Architecture, DDD, CQRS, EF Core, and ASP.NET Core patterns. Use for finding applicable patterns, code examples, and architecture guidance. Invoke when working with .NET projects that could benefit from proven architectural patterns.
47SKILL.mdUpdated Apr 7, 2026
melodic-software/setup-dab
tools
VerifiedTrustedCommunity
Install and configure Data API Builder (DAB) for production SQL Server MCP access with RBAC
47SKILL.mdUpdated Apr 7, 2026
melodic-software/mssql
tools
VerifiedTrustedCommunity
Manage MssqlMcp servers - status, rebuild, and upstream updates
47SKILL.mdUpdated Apr 7, 2026
melodic-software/onboarding
tools
VerifiedTrustedCommunity
Developer environment setup guides for Windows, macOS, Linux, and WSL. Use when setting up development machines, installing tools, configuring environments, or following platform-specific setup guides. Covers package management, shell/terminal, code editors, AI tooling, containerization, databases, and more.
47SKILL.mdUpdated Apr 7, 2026