Reviewing Licensing Issues

Filter, sort, and act on licensing issues, with bulk actions, auto-ignore rules, and the issue drawer explained.

11 min readUpdated Jul 9, 2026

Overview

The issues inbox is where you triage, resolve, and track licensing issues across your projects. Issues are split into two tabs:

  • Active: issues that require attention
  • Ignored: issues that have been reviewed and suppressed

For a breakdown of what each issue type means, see Understanding Licensing Issues.

Filtering

Global Licensing issues page showing 163 active issues with the filter panel on the right including Depth, Ticket, Issue Type, Licenses, First Found, and Package Manager filter groups

Depth

OptionShows
DirectIssues on direct dependencies only
TransitiveIssues on transitive (indirect) dependencies only

Ticket

Ticketed is a parent option with two children; selecting it includes both:

OptionShows
Ticketed → Jira IntegrationIssues linked via the native Jira integration
Ticketed → URL linkedIssues with a manually added URL link
Not ticketedIssues with no ticket association

Issue Type

OptionShows
Deniedpolicy_conflict: license matched a Deny rule
Flaggedpolicy_flag: license matched a Flag for Review rule
Unlicensedunlicensed_dependency: no license detected
Unconcludedunconcluded_dependency: multiple licenses detected, none concluded
Concluded (Multi)multi_license_concluded: multiple licenses detected, one manually concluded

Note

Unconcluded and Concluded (Multi) filter options only appear when the License Concluded feature is enabled for your organization.

License Identification

OptionShows
DeclaredIssues from licenses declared by the package author in the package metadata
DiscoveredIssues from licenses FOSSA detected through scanning that the author may not have declared

Issue Source

Enterprise feature

This functionality is gated behind a feature flag and may not be enabled for your organization by default. Reach out to your account team to request access.

Where the issue originates. Which options appear depends on the detection features enabled for your org.

OptionShows
DependencyIssues on dependencies resolved from a package manager
SnippetIssues on license matches found in your first-party source via Snippet Scanning
Managed DependencyPackage-manager dependencies (shown when Vendored Dependency Detection is enabled and you're outside global scope)
Vendored DependencyDependencies copied into your source tree (same condition)

Licenses

A multi-select of every license currently present in the scope; filters issues down to the licenses you choose.

First Found

OptionShows
AnytimeAll issues regardless of when they were found
Last 7 daysIssues first detected in the last 7 days
Last 14 daysIssues first detected in the last 14 days
Last 30 daysIssues first detected in the last 30 days

Package Manager

Filters issues to those from a specific ecosystem or package manager. Only ecosystems present in the current scope (global, project, or release group) are shown.

Dependency Confidence

Enterprise feature

This functionality is gated behind a feature flag and may not be enabled for your organization by default. Reach out to your account team to request access.

Shown for binary projects (Binary Decomposition). Filters by FOSSA's confidence in the detected dependency: High, Medium, Low, or Unknown.

Layer

Shown for container projects. Filters by image layer:

OptionShows
Base LayerIssues from the image's base layer
Other LayersIssues from layers built on top of the base

Project Labels

Global scope only. Filters to issues in projects tagged with specific FOSSA project labels. Select multiple labels (OR logic); disabled if your org has no labels.

Note

To narrow issues to a team, use the team selector in the inbox header; it's a scope control, not part of the filter panel.

Note

Select Reset all filters at any time to clear all active filters and show every issue.

Sorting

Use the sort dropdown to order issues by:

Sort optionDescription
NewestIssues found most recently first
OldestIssues found longest ago first
Package (A-Z)Alphabetical by package name
Package (Z-A)Reverse alphabetical by package name
Most issuesPackages with the highest issue count first
Least issuesPackages with the lowest issue count first

Note

Default sort is Most issues when grouped by version, and Package (A-Z) when ungrouped.

Issue grouping

Issues are grouped by semantic version by default. To switch to an ungrouped view, select Version in the inbox header and change it to Ungrouped.

Issue actions

Select one or more issues with their checkboxes, then open the Actions menu at the top of the inbox; it stays disabled until at least one issue is selected. Available actions depend on product type, issue status, scope, and whether you're acting on one or many issues.

Warning

Not all actions are available in every context. Check the table below for the full breakdown.

Note

Under an organization setting, the Ignore / Unignore actions can instead display as Resolve / Unresolve: same behavior, different wording. The "current version only" vs "all versions" choice below is made in the ignore modal, not as two separate menu items.

ActionDescriptionTypeProductsStatusScope
Ignore (current version only)Ignores the issue for the current semantic version of the affected package, in the selected project(s) only. A new revision with any other version will generate a new active issue.Individual, BulkLicensing, Security, QualityActiveGlobal, Release group, Project
Ignore (all versions)Ignores the issue across all semantic versions of the affected package. Only available for individual project issues. Scoped to the selected issue type only.IndividualLicensing, SecurityActiveProject
Create ticketCreates a Jira ticket containing the selected issues. If a previously ticketed issue is selected, it links to the new ticket only.Individual, BulkLicensing, Security, QualityActive, IgnoredGlobal, Release group, Project
Unlink ticketRemoves the association between the selected issues and any linked tickets.Individual, BulkLicensing, Security, QualityActive, IgnoredGlobal, Release group, Project
Generate CSVDownloads a CSV of the selected issues, scoped to the current issue status tab.Individual, BulkLicensing, Security, QualityActive, IgnoredGlobal, Release group, Project
UnignoreChanges selected issues from Ignored back to Active. Does not stop any existing auto-ignore rules.Individual, BulkLicensing, Security, QualityIgnoredGlobal, Release group, Project

Auto-ignore rules

Auto-ignore rules persist an ignore decision beyond a single revision or project. When you ignore an issue, you can configure the scope of that decision so it applies automatically to future versions or projects.

Warning

Auto-ignore rules apply to current and future projects within the selected scope. Use with care; see Managing auto-ignore rules for how to stop them.

Auto-ignore applies to the combination of:

  • Package(s)
  • Project(s)
  • Issue type (Denied license, Flagged license, or a CVE)

Where should it be ignored

When ignoring an issue with the necessary permissions, you'll see a Where should it be ignored? prompt:

ScopeEffect
In this projectAuto-ignore rule scoped to the selected project only
Include release groupsScoped to the selected project and any release group containing it, including future ones
In this release groupScoped to the selected release group only (release group inbox only)
In the licensing policyScoped to the policy used by the selected project; applies to any other project or release group using that policy
GloballyScoped to all projects and release groups regardless of policy

Which versions

ScopeEffect
Selected versionAuto-ignore rule scoped to the current package version only
All versionsScoped to all versions of the package, current and future

Note

Selecting In this project and Selected version together does not create an auto-ignore rule. The issue is suppressed in all revisions of this project that include that exact package version, but will become active again for any new package version or new project.

Managing auto-ignore rules

From any issue inbox (Global, Project, or Release Group), click Ignore Rules to see all applicable rules for that scope.

  • The Global inbox shows all auto-ignore rules across every scope
  • Project and Release Group inboxes show only applicable scoped rules plus all global rules

Each ignore rule shows:

ColumnDescription
Issue IgnoredThe issue type (Denied, Flagged, Unlicensed) and the specific license
PackagePackage name
VersionSpecific package version, or All
ScopeGlobal, Policy, Project, or Project + Release Group
ByUser who created the rule
NoteReason provided when the rule was created; also shown in issue details

Use the action icon on the far right of any row to remove a rule.

Ignore Rules page showing a table of auto-ignore rules with columns for Issue Ignored, Package, Version, Scope, By, and Note, with an action icon to remove each rule

Auto-ignore permissions

ScopeRequired permissions
ProjectResolve Licensing issues of projects for the selected project or all projects
Release groupResolve Licensing issues of release group and access to the selected release group or all release groups
Project + release groupResolve Licensing issues of project and Resolve Licensing issues of release group, plus access to the selected project and all release groups
PolicyCreate Licensing policy
GlobalResolve Licensing issues of project and Resolve Licensing issues of release group, plus access to all projects and release groups

Note

Permission names in this table are taken from the legacy docs and have not been verified against current permission settings. Confirm exact names in Settings → Organization → Roles.

Issue drawer

Click anywhere on an issue row to open the issue drawer for a detailed view without leaving the inbox.

Licensing issue drawer showing the GPL-3.0-only Flagged issue with Expand, Share, and Close controls in the top-right corner, Issue and Projects tabs, and license details below

Controls in the top-right corner:

ControlAction
ExpandOpens the issue in a full-screen view in a new tab
ShareCopies a link to the expanded issue view
CloseCloses the drawer

Drawer tabs

The drawer has top-level tabs:

TabShows
IssueThe issue itself, in the stacked sections below.
LicensesEvery license detected on the package, each marked Declared or Discovered. (Appears for a licensing issue when License Conclusions is enabled.)
ProjectsThe affected projects (with a count badge). See the table below.
CommentsA time- and user-stamped comment thread for triage discussions (with a count badge).

Within the Issue tab, content is stacked in these sections:

SectionShows
Issue DetailsIssue type (Flagged, Denied, Unlicensed…), package depth per project, and any policy notes for the detected license
File MatchesWhere the license was found (Declared or Discovered), with file path and line numbers; use the dropdown to explore additional paths
DependencyPackage name, version, depth, and package manager/ecosystem

The Projects tab lists every affected project:

ColumnDescription
Project NameTitle of the project in FOSSA
Issue StatusWhether the issue is Active or Ignored in that project
View PathThe dependency path showing where the package was detected

What's next

  • License Corrections: Fix incorrect or missing license data when FOSSA's detection doesn't match reality.
  • License Conclusions: Determine a single dominant license per dependency when multiple licenses are detected.
  • Licensing Policies: Set up policy rules to automatically flag, deny, or permit licenses across your organization.
© 2026 FOSSA, Inc.support@fossa.com