Discussion: Enhanced License Compliance for crates.io

miikkas · November 9, 2025, 1:19pm

100 % agreed on this, as someone working in the sector of medical software.

In my experience it is not strictly like that. The Notified Body auditing your product may raise an NC for a problem they have noticed, but generally you then get to handle the specific problem they found, instead of having to go through the whole certification process from the beginning.

miikkas · November 9, 2025, 1:27pm

FWIW, there's also ScanCode, which:

detects licenses, copyrights, package manifests, direct dependencies, and more both in source code and binary files

(I don't know if it can detect if conflicting licenses are included in the same software.)

Topic		Replies	Views
[Idea] Declaring obligations associated with licensed use or linkage cargo	14	1199	April 24, 2019
[Pre-RFC] Lang-Level License Management tools and infrastructure	53	2912	May 13, 2020
Where does Cargo check manifest "license" value a standard SPDX expression? tools and infrastructure	3	699	June 30, 2022
Adding a Reliability Rating System to Crates.io tools and infrastructure	20	950	October 6, 2025
Crate capability lists	32	4824	March 25, 2019

Discussion: Enhanced License Compliance for crates.io

Related topics