FOSSA Logo
S

Source-Available Licensing

Source-available licensing allows access to source code while restricting certain usage rights, striking a middle ground between open source and proprietary software models.

What is Source-Available Licensing?

Source-available licensing refers to a category of software licenses that allow users to view, access, and sometimes modify source code, but impose restrictions that prevent the software from qualifying as open source under the Open Source Definition (OSD). While these licenses permit visibility into the code, they typically restrict certain rights that are fundamental to open source software, such as commercial use, redistribution, or creation of derivative works.

Source-available licenses occupy a middle ground between proprietary closed-source software and fully open source software. They emerged as companies sought business models that balance code transparency with commercial protection, particularly for cloud-based and SaaS offerings.

Source-Available vs. Open Source

The fundamental distinction between source-available and open source licensing lies in the freedoms granted to users:

| Open Source | Source-Available | |-------------|------------------| | Allows unrestricted use for any purpose | May restrict commercial use or specific use cases | | Permits unrestricted modification and creation of derivative works | May limit derivative works or require special licensing | | Allows unrestricted redistribution | May prohibit or limit redistribution | | Non-discriminatory against fields of endeavor | May discriminate against certain business models or industries | | License applies equally to all users | May apply different terms to different user categories |

The Open Source Initiative (OSI), the steward of the Open Source Definition, does not recognize source-available licenses as open source, regardless of how transparent they make the code.

Common Types of Source-Available Licenses

1. Commercial Restriction Licenses

These licenses restrict commercial use of the software without purchasing additional rights:

  • Commons Clause: An addendum that can be applied to open source licenses to prohibit "selling" the software
  • Prosperity Public License: Allows non-commercial use but requires payment for commercial use after trial period
  • Business Source License (BSL): Starts with source-available terms that convert to open source after a specified period

2. Network/Service Protection Licenses

These licenses address the "cloud loophole" where service providers can use but not distribute modified software:

  • Server Side Public License (SSPL): Requires making source code available when offering the software as a service
  • Elastic License: Prohibits providing the software as a hosted service to third parties
  • RedisSource License: Restricts use in database, caching, or similar services

3. Reciprocal Source-Available Licenses

These licenses require sharing of source code but have other restrictions that disqualify them from being open source:

  • Confluent Community License: Requires sharing modifications but prohibits offering the software as a service
  • Cockroach Community License: Requires sharing source code but restricts offering commercial database services

Impact on Software Supply Chains

Source-available licensing creates several challenges for software supply chains:

1. License Compliance Complexity

Organizations must carefully track source-available components separately from open source, as they carry different obligations and restrictions. This adds complexity to license compliance programs and may require specialized tools.

2. Redistribution Restrictions

Many source-available licenses restrict redistribution or the creation of competing services, which can limit how software containing these components can be packaged, sold, or deployed.

3. Deployment Constraints

Source-available licenses may restrict where and how software can be deployed, particularly in cloud or SaaS environments, requiring careful review before incorporation into products.

4. Community Limitations

Projects under source-available licenses typically attract smaller contributor bases and ecosystems than fully open source alternatives, potentially impacting longevity and security.

5. Compatibility Issues

Source-available licensed components often cannot be combined with components under copyleft open source licenses, creating complex dependency constraints.

Source-Available License Detection and Management

Identifying and managing source-available licenses requires specialized approaches:

  1. License Scanning: Automated tools must recognize source-available licenses, which often combine standard open source license text with additional clauses or restrictions.

  2. Component Inventory: Organizations need comprehensive component inventories that clearly distinguish between open source and source-available components.

  3. Policy Definition: Legal and compliance policies should explicitly address source-available software and define acceptable use cases.

  4. Approval Workflows: Organizations typically require additional review and approval for source-available components due to their commercial restrictions.

  5. License Evolution Monitoring: Since many source-available licenses are relatively new and evolving, organizations must track license changes that may affect existing dependencies.

How FOSSA Handles Source-Available Licensing

FOSSA provides comprehensive support for managing source-available licenses:

  1. License Detection: FOSSA's scanner identifies source-available licenses and distinguishes them from open source licenses, even when they use similar base text with added restrictions.

  2. Policy Management: FOSSA enables organizations to create specific approval policies for source-available licenses based on their unique risk tolerance and usage context.

  3. Restriction Analysis: FOSSA analyzes and highlights specific restrictions in source-available licenses that may impact product development or distribution.

  4. Commercial Usage Detection: FOSSA can flag when software use may trigger commercial restrictions in source-available licenses based on deployment contexts.

  5. License Change Monitoring: FOSSA tracks changes to license terms for source-available components, alerting teams when compliance status may be affected.

Best Practices for Source-Available License Compliance

1. Thorough Initial Review

Before incorporating a source-available component, conduct thorough legal review of license terms, particularly regarding:

  • Commercial usage restrictions
  • Redistribution limitations
  • Service offering constraints
  • Attribution requirements

2. Usage Documentation

Document exactly how source-available components are used and deployed to ensure compliance with specific restrictions:

  • Internal vs. external deployment
  • Integration methods
  • Distribution approaches
  • Revenue association

3. Business Model Alignment

Evaluate whether source-available restrictions align with your business model and product strategy before adoption:

  • SaaS or hosted service implications
  • Redistribution requirements
  • Customer deployment scenarios
  • Competitive considerations

4. Alternatives Assessment

Always identify potential open source alternatives to source-available components to weigh licensing risks against technical benefits:

  • Feature comparison
  • Maintenance status
  • Community health
  • Long-term sustainability

5. Dependency Isolation

Where possible, isolate source-available components to minimize their impact on your overall software architecture:

  • Clear API boundaries
  • Modular architecture
  • Replacement pathways
  • Feature toggles

Conclusion

Source-available licensing represents an increasingly important middle ground in the software ecosystem between fully proprietary and fully open source models. While these licenses offer benefits in terms of code visibility and limited usage rights, they introduce significant compliance challenges for software supply chains.

Organizations must approach source-available components with clear understanding of their restrictions and implications. With proper license detection, policy enforcement, and compliance practices, companies can safely incorporate source-available software where appropriate while avoiding potentially costly licensing violations or business model conflicts.

As the software industry continues to evolve, source-available licensing will likely remain an important part of the licensing landscape, requiring sophisticated supply chain management tools and practices to navigate effectively.